Windows Analysis Report
user.exe

Overview

General Information

Sample name: user.exe
Analysis ID: 1584838
MD5: 5cc8a6ec6d6fc9d98ef59c905274e4c3
SHA1: bbd7891793055343f045807124138701beb2937c
SHA256: c330b29ffa94084d183e23e4ed0bbbd864e51523ab9df30a09b78078fc5cfc00
Tags: exeuser-aachum
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Uses the Telegram API (likely for C&C communication)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • user.exe (PID: 7564 cmdline: "C:\Users\user\Desktop\user.exe" MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
    • user.exe (PID: 7656 cmdline: "C:\Users\user\Desktop\user.exe" MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
      • cmd.exe (PID: 7752 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • user.exe (PID: 7760 cmdline: C:\Users\user\Desktop\user.exe MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
    • user.exe (PID: 7840 cmdline: C:\Users\user\Desktop\user.exe MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
      • user.exe (PID: 7976 cmdline: "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
        • user.exe (PID: 2596 cmdline: "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe MD5: 5CC8A6EC6D6FC9D98EF59C905274E4C3)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: user.exe, Virustotal: Detection: 12%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,7_2_00007FF8E5CF1654
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D238C0 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5D238C0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF13DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CF13DE
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF589C BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,7_2_00007FF8E5CF589C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D07840 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,7_2_00007FF8E5D07840
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D09870 CRYPTO_free,CRYPTO_strdup,7_2_00007FF8E5D09870
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D657FE CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5D657FE
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,7_2_00007FF8E5CF1087
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D477A0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5D477A0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D517A1 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,7_2_00007FF8E5D517A1
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF11BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5CF11BD
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D41750 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5D41750
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5CF1023
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D292E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,7_2_00007FF8E5D292E0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,7_2_00007FF8E5CF1A32
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,7_2_00007FF8E5CF195B
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1F8C CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,7_2_00007FF8E5CF1F8C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D63260 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5D63260
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,7_2_00007FF8E5CF1262
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,7_2_00007FF8E5CF1B90
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D57230 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,7_2_00007FF8E5D57230
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFD227 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,7_2_00007FF8E5CFD227
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,7_2_00007FF8E5CF1A23
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D1D170 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,7_2_00007FF8E5D1D170
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D51170 ERR_new,ERR_set_debug,CRYPTO_clear_free,7_2_00007FF8E5D51170
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFF160 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5CFF160
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF11A9 EVP_MAC_CTX_free,CRYPTO_free,7_2_00007FF8E5CF11A9
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D39120 CRYPTO_malloc,ERR_new,ERR_set_debug,7_2_00007FF8E5D39120
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D414E0 CRYPTO_memcmp,7_2_00007FF8E5D414E0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,7_2_00007FF8E5CF1992
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,7_2_00007FF8E5CF1393
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D63480 CRYPTO_free,CRYPTO_strndup,7_2_00007FF8E5D63480
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1EDD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,7_2_00007FF8E5CF1EDD
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF2126 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CF2126
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1444 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,7_2_00007FF8E5CF1444
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,7_2_00007FF8E5CF1997
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D6B430 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,7_2_00007FF8E5D6B430
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFD3CA CRYPTO_free,7_2_00007FF8E5CFD3CA
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,7_2_00007FF8E5CF111D
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFB300 CRYPTO_clear_free,7_2_00007FF8E5CFB300
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,7_2_00007FF8E5CF1677
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF17F8 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CF17F8
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF2680 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,7_2_00007FF8E5CF2680
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF5EE0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,7_2_00007FF8E5CF5EE0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF107D CRYPTO_free,7_2_00007FF8E5CF107D
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF3EB0 CRYPTO_free,7_2_00007FF8E5CF3EB0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF25DB CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,7_2_00007FF8E5CF25DB
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,7_2_00007FF8E5CF150F
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF2720 CRYPTO_free,CRYPTO_strdup,7_2_00007FF8E5CF2720
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D5BE20 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5D5BE20
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF2310 ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,7_2_00007FF8E5CF2310
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D15E10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,7_2_00007FF8E5D15E10
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF108C ERR_new,ERR_set_debug,CRYPTO_free,7_2_00007FF8E5CF108C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1D89 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5CF1D89
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D15D20 CRYPTO_free,CRYPTO_free,7_2_00007FF8E5D15D20
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D53D20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,7_2_00007FF8E5D53D20
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,7_2_00007FF8E5CF1CEE
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,7_2_00007FF8E5CF1361
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D480C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,7_2_00007FF8E5D480C0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D120A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,7_2_00007FF8E5D120A0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D500A0 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5D500A0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D0C080 CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5D0C080
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFE0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,7_2_00007FF8E5CFE0AD
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF2527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CF2527
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF23EC CRYPTO_free,CRYPTO_memdup,7_2_00007FF8E5CF23EC
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D16030 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,7_2_00007FF8E5D16030
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF202C CRYPTO_free,7_2_00007FF8E5CF202C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1019 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CF1019
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CFDFB5 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,7_2_00007FF8E5CFDFB5
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF1B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,7_2_00007FF8E5CF1B18
Source: user.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2626855364.00007FF8E6BB7000.00000002.00000001.01000000.00000018.sdmp, user.exe, 00000005.00000003.1467693768.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1601648258.00007FF8E5B07000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: user.exe, 00000002.00000002.2629554504.00007FF8E742A000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E620A000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: user.exe, 00000000.00000003.1382993293.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1468200856.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: user.exe, 00000002.00000002.2628358963.00007FF8E6F95000.00000002.00000001.01000000.0000000F.sdmp, user.exe, 00000007.00000002.1614754021.00007FF8E5D75000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: user.exe, 00000002.00000002.2626615099.00007FF8E6AF1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637906283.00007FF8F8CA4000.00000002.00000001.01000000.00000011.sdmp, user.exe, 00000005.00000003.1452996149.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: user.exe, 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: user.exe, 00000000.00000003.1383240668.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1468502118.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: user.exe, 00000000.00000003.1362577469.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637209525.00007FF8F8354000.00000002.00000001.01000000.00000005.sdmp, user.exe, 00000005.00000003.1447477413.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1620143500.00007FF8F0954000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: user.exe, 00000002.00000002.2629554504.00007FF8E7392000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E6172000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: user.exe, 00000000.00000003.1362577469.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637209525.00007FF8F8354000.00000002.00000001.01000000.00000005.sdmp, user.exe, 00000005.00000003.1447477413.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1620143500.00007FF8F0954000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: user.exe, 00000002.00000002.2625975165.00007FF8E6A03000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: user.exe, 00000002.00000002.2629554504.00007FF8E742A000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E620A000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: user.exe, 00000002.00000002.2625975165.00007FF8E6A03000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: user.exe, 00000000.00000003.1362747723.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637506375.00007FF8F8B85000.00000002.00000001.01000000.00000012.sdmp, user.exe, 00000005.00000003.1447786494.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1614093263.00007FF8E5C05000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2638100481.00007FF8F8FF3000.00000002.00000001.01000000.0000000C.sdmp, user.exe, 00000005.00000003.1467463412.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: user.exe, 00000002.00000002.2626615099.00007FF8E6AF1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: user.exe, 00000002.00000002.2635380374.00007FF8F7043000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2636947025.00007FF8F8306000.00000002.00000001.01000000.00000014.sdmp, user.exe, 00000005.00000003.1449287226.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1612639997.00007FF8E5B66000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634036136.00007FF8E7E1B000.00000002.00000001.01000000.0000000A.sdmp, user.exe, 00000005.00000003.1449590565.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634902972.00007FF8F6DA3000.00000002.00000001.01000000.00000015.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: user.exe, 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634036136.00007FF8E7E1B000.00000002.00000001.01000000.0000000A.sdmp, user.exe, 00000005.00000003.1449590565.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2636675020.00007FF8F7A9D000.00000002.00000001.01000000.00000009.sdmp, user.exe, 00000005.00000003.1448428595.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1619967318.00007FF8E7C5D000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637906283.00007FF8F8CA4000.00000002.00000001.01000000.00000011.sdmp, user.exe, 00000005.00000003.1452996149.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2635936237.00007FF8F7A29000.00000002.00000001.01000000.0000000B.sdmp, user.exe, 00000005.00000003.1449899794.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1619808462.00007FF8E6E69000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2620851258.000001B2958F0000.00000002.00000001.01000000.00000006.sdmp, user.exe, 00000005.00000003.1464787734.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: user.exe, 00000002.00000002.2631025301.00007FF8E78F8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: user.exe, 00000000.00000003.1362747723.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637506375.00007FF8F8B85000.00000002.00000001.01000000.00000012.sdmp, user.exe, 00000005.00000003.1447786494.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1614093263.00007FF8E5C05000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: user.exe, 00000002.00000002.2628358963.00007FF8E6F95000.00000002.00000001.01000000.0000000F.sdmp, user.exe, 00000007.00000002.1614754021.00007FF8E5D75000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: user.exe, 00000002.00000002.2633466176.00007FF8E7C7E000.00000002.00000001.01000000.0000000D.sdmp, user.exe, 00000007.00000002.1617610822.00007FF8E62DE000.00000002.00000001.01000000.00000026.sdmp
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF653F09280 FindFirstFileExW,FindClose,0_2_00007FF653F09280
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF653F21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF653F21874
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF653F083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF653F083C0
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF653F09280 FindFirstFileExW,FindClose,2_2_00007FF653F09280
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF653F21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF653F21874
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF653F083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF653F083C0
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F3540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FF8E69F3540
Source: C:\Users\user\Desktop\user.exe Code function: 7_2_00007FF8E5943540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,7_2_00007FF8E5943540
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F53D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FF8E69F53D0

Networking

Source: unknown DNS query: name: api.telegram.org
Source: global traffic TCP traffic: 192.168.2.9:56077 -> 162.159.36.2:53
Source: Joe Sandbox View IP Address: 149.154.167.220
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: user.exe, 00000002.00000002.2623756571.000001B2966C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: user.exe, 00000002.00000002.2627578878.00007FF8E6C46000.00000002.00000001.01000000.00000010.sdmp, user.exe, 00000007.00000002.1614451503.00007FF8E5C76000.00000002.00000001.01000000.00000029.sdmp String found in binary or memory: http://.css
Source: user.exe, 00000002.00000002.2627578878.00007FF8E6C46000.00000002.00000001.01000000.00000010.sdmp, user.exe, 00000007.00000002.1614451503.00007FF8E5C76000.00000002.00000001.01000000.00000029.sdmp String found in binary or memory: http://.jpg
Source: user.exe String found in binary or memory: http://cacerts.digi
Source: user.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: user.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: user.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: user.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526721995.0000022959905000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: user.exe String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: user.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: user.exe String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: user.exe String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl3
Source: user.exe String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535652585.0000022959812000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1528011348.00000229597FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crlp
Source: user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535652585.0000022959812000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1528011348.00000229597FB000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1554544679.0000022959815000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crlE
Source: user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: user.exe String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: user.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: user.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: user.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: user.exe, 00000005.00000003.1464454740.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E329000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1465549201.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1448877672.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: user.exe, 00000002.00000003.1392791148.000001B296102000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2623641827.000001B2965C0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481704199.000002295994C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481495642.0000022959A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.000002295948F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1561217432.00000229594F0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520563388.000002295948A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959495000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.000002295948D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527277139.00000229594ED000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545714532.00000229594EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532495083.0000022959516000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524506481.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532495083.0000022959516000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1574461610.0000022959516000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524506481.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: user.exe, 00000002.00000002.2627578878.00007FF8E6C46000.00000002.00000001.01000000.00000010.sdmp, user.exe, 00000007.00000002.1614451503.00007FF8E5C76000.00000002.00000001.01000000.00000029.sdmpString found in binary or memory: http://html4/loose.dtd
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es4~
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E329000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1465549201.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1448877672.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382942130.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E329000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1462946364.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382942130.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1462946364.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462946364.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1465549201.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1448877672.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python-hyper.org/en/latest/contributing.html
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545202926.0000022959973000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1522247460.0000022959947000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525652249.0000022959947000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587502806.0000022959AD3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1553300194.0000022959973000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532731618.0000022959AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/K
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/g
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/m
Source: user.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1577293229.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579139270.0000022959AAE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1549008784.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htmcl5
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535125970.0000022959B14000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1554991563.000002295942E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556347958.000002295947E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363533994.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1371831524.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363672400.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1373211473.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1370331782.0000027A3E329000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1465549201.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 
00000005.00000003.1448877672.00000245209C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1583915927.0000022959373000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1576165187.0000022959373000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1552656439.000002295936B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: user.exe, 00000002.00000002.2620603180.000001B2956B0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520348822.000002295918A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524800001.0000022959197000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1530618628.00000229591AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1577293229.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1549008784.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: user.exe, 00000002.00000003.1421855039.000001B2960E6000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B2960DE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B2960DE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532731618.0000022959AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: user.exe, 00000002.00000003.1392791148.000001B296102000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584186864.00000229593D8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481704199.000002295994C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481495642.0000022959A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: user.exe, 00000002.00000002.2623880663.000001B296850000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage
Source: user.exe, 00000002.00000002.2619623100.000001B295490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: user.exe, 00000002.00000003.1387568398.000001B2956D8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2620603180.000001B2956B0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387249458.000001B2956DF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387801808.000001B2956DE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: user.exe, 00000002.00000002.2623880663.000001B29682C000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520071289.0000022959A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621634585.000001B295D40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: user.exe, 00000002.00000003.1421492929.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B29610A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B29612A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.000002295948F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520563388.000002295948A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545611948.0000022959490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: user.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: user.exe, 00000007.00000002.1590791512.000002295A148000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: user.exe, 00000002.00000002.2623880663.000001B296818000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/asweigart/pyperclip/issues/550K
Source: user.exe, user.exe, 00000007.00000002.1600413520.00007FF8E5A52000.00000002.00000001.01000000.00000032.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/orgs/python-hyper/people
Source: user.exe, 00000002.00000002.2623756571.000001B2966C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2/actions
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2/workflows/CI/badge.svg
Source: user.exe, 00000002.00000003.1387568398.000001B2956D8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2620603180.000001B2956B0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387249458.000001B2956DF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2619623100.000001B295514000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387801808.000001B2956DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: user.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: user.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390303985.000001B295A34000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389494302.000001B295E80000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584131705.00000229593BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: user.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: user.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2168
Source: user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192
Source: user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621634585.000001B295D40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: user.exe, 00000002.00000003.1392364563.000001B295F92000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526338996.0000022959533000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: user.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3020
Source: user.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitter.im/python-hyper/community
Source: user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.000002295948F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520563388.000002295948A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.000002295948D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1557709596.0000022959890000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545611948.0000022959490000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.0000022959844000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1557709596.0000022959890000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.0000022959844000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://h2.readthedocs.io
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://h2.readthedocs.io/en/latest/
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598BB000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545129782.00000229598C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: user.exe, 00000007.00000003.1545611948.0000022959490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: user.exe, 00000002.00000003.1421141726.000001B2960DE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B29612A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520071289.0000022959A4C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598BB000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545326033.0000022959911000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556811900.0000022959912000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524380998.00000229598B1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.00000229598B2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1578585574.0000022959A62000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1554991563.000002295942E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556103241.00000229598B3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959A43000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584628060.0000022959475000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1549008784.0000022959A62000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526721995.0000022959905000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: user.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1533380875.00000229593FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584238680.000002295940A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/chat-join_now-brightgreen.svg
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1552656439.000002295936B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: user.exe, 00000002.00000003.1421492929.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392895163.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B29610A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392791148.000001B296118000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B29612A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1553591785.0000022959484000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: user.exe, 00000002.00000002.2623303617.000001B296260000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588969154.0000022959B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: user.exe, 00000002.00000002.2623880663.000001B2968A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: user.exe, 00000002.00000002.2623880663.000001B2968A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsExtensions
Source: user.exe, 00000002.00000003.1385108111.000001B2956B1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621508196.000001B295C40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585008614.0000022959570000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1470465704.00000229575DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: user.exe, 00000002.00000002.2631025301.00007FF8E78F8000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: user.exe, 00000002.00000002.2623880663.000001B29682C000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1590791512.000002295A15C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: user.exe, 00000007.00000002.1590791512.000002295A15C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error0
Source: user.exe, 00000002.00000002.2623880663.000001B29682C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-errorpS
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.github.com/python-hyper/documentation/master/source/logo/hyper-black-bg-white.png
Source: user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/h2/badge/?version=latest
Source: user.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.read
Source: user.exe, 00000002.00000002.2623756571.000001B2966C0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1533380875.00000229593FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584238680.000002295940A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: user.exe, 00000002.00000002.2624678476.000001B297118000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480894513.000002295980D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535652585.0000022959812000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1528011348.00000229597FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: user.exe, 00000002.00000003.1390949588.000001B295AEF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584353212.0000022959423000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.000002295948F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520563388.000002295948A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.000002295948D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545611948.0000022959490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: user.exe, 00000007.00000002.1588969154.0000022959B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: user.exe, 00000000.00000003.1366646900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.apache.org/licenses/
Source: user.exe, 00000000.00000003.1366702047.0000027A3E32F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1366616298.0000027A3E32F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1366646900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1459342420.00000245209D1000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: user.exe, 00000002.00000002.2624678476.000001B297144000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.google.com/
Source: user.exe, 00000002.00000002.2624678476.000001B297144000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/
Source: user.exe, 00000002.00000002.2624678476.000001B297118000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: user.exe, 00000002.00000002.2624678476.000001B297118000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: user.exe, 00000002.00000002.2624678476.000001B297118000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/auth/chromewebstorer
Source: user.exe, 00000002.00000002.2624678476.000001B297144000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: user.exe, 00000002.00000002.2624678476.000001B297118000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: user.exe, 00000000.00000003.1372027234.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2628458287.00007FF8E6FD0000.00000002.00000001.01000000.0000000F.sdmp, user.exe, 00000002.00000002.2630080832.00007FF8E74D4000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000005.00000003.1464454740.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1617434983.00007FF8E62B4000.00000002.00000001.01000000.00000028.sdmp
String found in binary or memory: https://www.openssl.org/H
Source: user.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1533380875.00000229593FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584238680.000002295940A000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.python.org
Source: user.exe, 00000002.00000003.1421492929.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392895163.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B29610A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392791148.000001B296118000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B29612A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1553591785.0000022959484000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.python.org/
Source: user.exe, 00000002.00000002.2631025301.00007FF8E78F8000.00000002.00000001.01000000.00000004.sdmp
String found in binary or memory: https://www.python.org/psf/license/)
Source: user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392364563.000001B295FA3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1553505399.00000229598E7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: user.exe, 00000002.00000003.1421492929.000001B2961F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1534313123.0000022959B29000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588628384.0000022959B2E000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1534313123.0000022959B29000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588628384.0000022959B2E000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1557709596.0000022959890000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.0000022959844000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://yahoo.com/
Source: unknown
Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown
Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown
Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49789
Source: C:\Users\user\Desktop\user.exe
Code function: 2_2_00007FF8E69F4F70 PyArg_ParseTuple, PyEval_SaveThread, GetKeyboardState, PyEval_RestoreThread, ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z, PyBytes_FromStringAndSize
Source: C:\Users\user\Desktop\user.exe
Code function: 2_2_00007FF8E69F58E0 PyArg_ParseTuple, PyEval_SaveThread, ExitWindowsEx, PyEval_RestoreThread, ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z, _Py_NoneStruct, _Py_NoneStruct
Source: C:\Users\user\Desktop\user.exe
Code function: 2_2_00007FF8E69F5980 PyArg_ParseTuple, PyEval_SaveThread, ExitWindowsEx, PyEval_RestoreThread, ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z, _Py_NoneStruct, _Py_NoneStruct
Source: C:\Users\user\Desktop\user.exe
Code function: 7_2_00007FF8E5945980 PyArg_ParseTuple, PyEval_SaveThread, ExitWindowsEx, PyEval_RestoreThread, ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z, _Py_NoneStruct, _Py_NoneStruct
Source: C:\Users\user\Desktop\user.exe
Code function: 7_2_00007FF8E59458E0 PyArg_ParseTuple, PyEval_SaveThread, ExitWindowsEx, PyEval_RestoreThread, ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z, _Py_NoneStruct, _Py_NoneStruct
Source: C:\Users\user\Desktop\user.exe
File created: C:\Windows\system32\errors.log
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5D6D425 appears 39 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6A24BF0 appears 77 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6AEC400 appears 47 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E59889C0 appears 248 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5B13900 appears 116 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6BC3900 appears 116 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6A389C0 appears 248 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5974250 appears 68 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5B13880 appears 51 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6BC3880 appears 51 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E6A24250 appears 68 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5CF1325 appears 400 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF653F02710 appears 104 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF653F02910 appears 34 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5D6D33B appears 33 times
Source: C:\Users\user\Desktop\user.exeCode function: String function: 00007FF8E5D6D341 appears 1016 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.5.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.11.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.5.dr Static PE information: No import functions for PE file found
Source: python3.dll.11.dr Static PE information: No import functions for PE file found
Source: classification engine Classification label: mal60.troj.evad.winEXE@12/145@1/1
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F3930 PyArg_ParseTuple,GetLastError,?PyWin_GetErrorMessageModule@@YAPEAUHINSTANCE__@@K@Z,FormatMessageW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,PyErr_Clear,PyArg_ParseTuple,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z,malloc,PyErr_NoMemory,memset,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,FormatMessageW,PyEval_RestoreThread,PyExc_SystemError,PyErr_SetString,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,free,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,LocalFree,_Py_Dealloc
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F4C00 _Py_NoneStruct,PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,Py_BuildValue
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E6A31330 PyArg_ParseTuple,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,PyObject_IsInstance,PyErr_Occurred,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_GetAttrString,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,_Py_Dealloc,PyEval_SaveThread,CoCreateInstance,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69FCBB0 PyArg_ParseTuple,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,FindResourceExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,SizeofResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LoadResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LockResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\Desktop\errors.log
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642
Source: user.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\user.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: user.exe Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\user.exe File read: C:\Users\user\Desktop\user.exe
Source: unknown Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: unknown Process created: C:\Users\user\Desktop\user.exe C:\Users\user\Desktop\user.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\user.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: user.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: user.exe Static file information: File size 16756993 > 1048576
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: user.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2626855364.00007FF8E6BB7000.00000002.00000001.01000000.00000018.sdmp, user.exe, 00000005.00000003.1467693768.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1601648258.00007FF8E5B07000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: user.exe, 00000002.00000002.2629554504.00007FF8E742A000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E620A000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: user.exe, 00000000.00000003.1382993293.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1468200856.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: user.exe, 00000002.00000002.2628358963.00007FF8E6F95000.00000002.00000001.01000000.0000000F.sdmp, user.exe, 00000007.00000002.1614754021.00007FF8E5D75000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: user.exe, 00000002.00000002.2626615099.00007FF8E6AF1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637906283.00007FF8F8CA4000.00000002.00000001.01000000.00000011.sdmp, user.exe, 00000005.00000003.1452996149.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: user.exe, 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: user.exe, 00000000.00000003.1383240668.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1468502118.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: user.exe, 00000000.00000003.1362577469.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637209525.00007FF8F8354000.00000002.00000001.01000000.00000005.sdmp, user.exe, 00000005.00000003.1447477413.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1620143500.00007FF8F0954000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: user.exe, 00000002.00000002.2629554504.00007FF8E7392000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E6172000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: user.exe, 00000000.00000003.1362577469.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637209525.00007FF8F8354000.00000002.00000001.01000000.00000005.sdmp, user.exe, 00000005.00000003.1447477413.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1620143500.00007FF8F0954000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: user.exe, 00000002.00000002.2625975165.00007FF8E6A03000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: user.exe, 00000002.00000002.2629554504.00007FF8E742A000.00000002.00000001.01000000.0000000E.sdmp, user.exe, 00000007.00000002.1616958688.00007FF8E620A000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: user.exe, 00000002.00000002.2625975165.00007FF8E6A03000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: user.exe, 00000000.00000003.1362747723.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637506375.00007FF8F8B85000.00000002.00000001.01000000.00000012.sdmp, user.exe, 00000005.00000003.1447786494.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1614093263.00007FF8E5C05000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: user.exe, 00000000.00000003.1381436900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2638100481.00007FF8F8FF3000.00000002.00000001.01000000.0000000C.sdmp, user.exe, 00000005.00000003.1467463412.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: user.exe, 00000002.00000002.2626615099.00007FF8E6AF1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: user.exe, 00000002.00000002.2635380374.00007FF8F7043000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: user.exe, 00000000.00000003.1363837714.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2636947025.00007FF8F8306000.00000002.00000001.01000000.00000014.sdmp, user.exe, 00000005.00000003.1449287226.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1612639997.00007FF8E5B66000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634036136.00007FF8E7E1B000.00000002.00000001.01000000.0000000A.sdmp, user.exe, 00000005.00000003.1449590565.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: user.exe, 00000000.00000003.1364615537.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634902972.00007FF8F6DA3000.00000002.00000001.01000000.00000015.sdmp, user.exe, 00000005.00000003.1449788223.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: user.exe, 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: user.exe, 00000000.00000003.1364422732.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2634036136.00007FF8E7E1B000.00000002.00000001.01000000.0000000A.sdmp, user.exe, 00000005.00000003.1449590565.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: user.exe, 00000000.00000003.1363208241.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2636675020.00007FF8F7A9D000.00000002.00000001.01000000.00000009.sdmp, user.exe, 00000005.00000003.1448428595.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1619967318.00007FF8E7C5D000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: user.exe, 00000000.00000003.1365340376.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637906283.00007FF8F8CA4000.00000002.00000001.01000000.00000011.sdmp, user.exe, 00000005.00000003.1452996149.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: user.exe, 00000000.00000003.1364990790.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2635936237.00007FF8F7A29000.00000002.00000001.01000000.0000000B.sdmp, user.exe, 00000005.00000003.1449899794.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1619808462.00007FF8E6E69000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: user.exe, 00000000.00000003.1372505324.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2620851258.000001B2958F0000.00000002.00000001.01000000.00000006.sdmp, user.exe, 00000005.00000003.1464787734.00000245209C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: user.exe, 00000002.00000002.2631025301.00007FF8E78F8000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: user.exe, 00000000.00000003.1362747723.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2637506375.00007FF8F8B85000.00000002.00000001.01000000.00000012.sdmp, user.exe, 00000005.00000003.1447786494.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1614093263.00007FF8E5C05000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: user.exe, 00000002.00000002.2628358963.00007FF8E6F95000.00000002.00000001.01000000.0000000F.sdmp, user.exe, 00000007.00000002.1614754021.00007FF8E5D75000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: user.exe, 00000002.00000002.2633466176.00007FF8E7C7E000.00000002.00000001.01000000.0000000D.sdmp, user.exe, 00000007.00000002.1617610822.00007FF8E62DE000.00000002.00000001.01000000.00000026.sdmp
Source: user.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: user.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: user.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: user.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: user.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69FEFE0 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00007FF8E69FEFE0
Source: mfc140u.dll.0.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python313.dll.0.dr Static PE information: section name: PyRuntim
Source: mfc140u.dll.5.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.5.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.5.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.5.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.5.dr Static PE information: section name: .00cfg
Source: python313.dll.5.dr Static PE information: section name: PyRuntim
Source: mfc140u.dll.11.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.11.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.11.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.11.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.11.dr Static PE information: section name: .00cfg
Source: python313.dll.11.dr Static PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\user.exe Code function: 7_2_00007FF8E5D14331 push rcx; ret 7_2_00007FF8E5D14332

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\user.exe Process created: "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe Process created: "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_socket.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\libffi-8.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_decimal.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\libssl-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\libffi-8.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\python313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\python313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_queue.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\python3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\python3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_decimal.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\python3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\libffi-8.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_queue.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\libssl-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\python313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_socket.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_queue.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\select.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\select.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\libssl-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\select.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79762\libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77602\_decimal.pyd
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F05830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF653F05830
Source: C:\Users\user\Desktop\user.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\user.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\user.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5D38816 sgdt fword ptr [rax]7_2_00007FF8E5D38816
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_socket.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_socket.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_decimal.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\python313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\python313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_queue.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_ctypes.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\select.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\select.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_queue.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\backend_c.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\python3.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\python3.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_ssl.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_wmi.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\_decimal.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\python3.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\win32\win32trace.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\unicodedata.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\select.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_brotli.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_lzma.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_queue.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_bz2.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\_cffi.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\win32\win32api.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75642\_cffi_backend.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77602\_decimal.pyd
Source: C:\Users\user\Desktop\user.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79762\python313.dll
Source: C:\Users\user\Desktop\user.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17641
Source: C:\Users\user\Desktop\user.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\user.exeAPI coverage: 0.7 %
Source: C:\Users\user\Desktop\user.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F09280 FindFirstFileExW,FindClose,0_2_00007FF653F09280
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF653F21874
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF653F083C0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F09280 FindFirstFileExW,FindClose,2_2_00007FF653F09280
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF653F21874
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF653F083C0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69F3540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FF8E69F3540
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5943540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,7_2_00007FF8E5943540
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69F53D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FF8E69F53D0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69FFC78 VirtualQuery,GetSystemInfo,2_2_00007FF8E69FFC78
Source: user.exe, 00000000.00000003.1365856313.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1456453809.00000245209C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: user.exe, 00000007.00000002.1585491425.00000229597C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b})
Source: user.exe, 00000007.00000003.1547776294.000002295A23E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390949588.000001B295BC9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
Source: user.exe, 00000007.00000002.1585491425.00000229597C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: user.exe, 00000007.00000002.1585491425.00000229597C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ro.kernel.qemu
Source: user.exe, 00000007.00000003.1481946088.00000229593F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1533380875.00000229593FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWAddr%SystemRoot%\system32\mswsock.dll
Source: user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dro.kernel.qemu
Source: user.exe, 00000007.00000003.1526721995.0000022959905000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\Z
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF653F1A614
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69FEFE0 ?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,?PyWinExc_ApiError@@3PEAU_object@@EA,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyLong_FromLong,PyDict_SetItemString,PyType_Ready,PyDict_SetItemString,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,GetModuleHandleW,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00007FF8E69FEFE0
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F23480 GetProcessHeap,0_2_00007FF653F23480
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF653F0C8A0
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF653F0D12C
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F0D30C SetUnhandledExceptionFilter,0_2_00007FF653F0D30C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF653F1A614
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF653F0C8A0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF653F0D12C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF653F0D30C SetUnhandledExceptionFilter,2_2_00007FF653F0D30C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A018B0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E6A018B0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A00CAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6A00CAC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A01A98 SetUnhandledExceptionFilter,2_2_00007FF8E6A01A98
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A7A874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6A7A874
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A7B3F4 SetUnhandledExceptionFilter,2_2_00007FF8E6A7B3F4
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6A7B20C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E6A7B20C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6AEFBFC SetUnhandledExceptionFilter,2_2_00007FF8E6AEFBFC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6AEE8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6AEE8FC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6AEFA14 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E6AEFA14
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6B12C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6B12C90
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6B13248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E6B13248
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6BD43F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6BD43F0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6BD49A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E6BD49A8
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6C449E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E6C449E0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5951A98 SetUnhandledExceptionFilter,7_2_00007FF8E5951A98
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5950CAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5950CAC
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E59518B0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E59518B0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E59CA874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E59CA874
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E59CB20C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E59CB20C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E59CB3F4 SetUnhandledExceptionFilter,7_2_00007FF8E59CB3F4
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5A3FA14 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5A3FA14
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5A3E8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5A3E8FC
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5A3FBFC SetUnhandledExceptionFilter,7_2_00007FF8E5A3FBFC
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5A63248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5A63248
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5A62C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5A62C90
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B243F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5B243F0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B249A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5B249A8
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B419E0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5B419E0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B41420 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5B41420
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B51DF0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5B51DF0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B51830 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5B51830
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B63DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5B63DD0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5B64390 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5B64390
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5BDDC70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5BDDC70
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5C04738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5C04738
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5C12E7C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5C12E7C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5C1335C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5C1335C
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5C749E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8E5C749E0
Source: C:\Users\user\Desktop\user.exeCode function: 7_2_00007FF8E5CF212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8E5CF212B
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69FDC70 PyArg_ParseTuple,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FF8E69FDC70
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E69FDD10 PyArg_ParseTuple,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FF8E69FDD10
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6AE7EB0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FF8E6AE7EB0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF8E6AE8D60 PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,PyArg_ParseTuple,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FF8E6AE8D60
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF653F29570 cpuid 0_2_00007FF653F29570
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\cryptography-43.0.3.dist-info VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\cryptography-43.0.3.dist-info\license_files VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\h2-4.1.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\Desktop\user.exe VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_brotli.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\backend_c.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\certifi VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\__init__.py VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\dicts.dat VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\Desktop\errors.log VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\manifest.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af\messages.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\manifest.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\certifi VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\cryptography-43.0.3.dist-info VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\cryptography-43.0.3.dist-info\license_files VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\h2-4.1.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\win32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_brotli.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_wmi.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\zstandard\backend_c.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI77602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF653F0D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF653F0D010
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F4200 PyArg_ParseTuple,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,2_2_00007FF8E69F4200
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF653F25C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF653F25C00
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E69F7890 PyArg_ParseTuple,GetVersionExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,Py_BuildValue,GetVersionExW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,Py_BuildValue,PyExc_ValueError,PyErr_Format,2_2_00007FF8E69F7890
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E6A34620 PyArg_ParseTuple,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,2_2_00007FF8E6A34620
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF8E6A33430 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,Py_BuildValue,2_2_00007FF8E6A33430
Source: C:\Users\user\Desktop\user.exe Code function: 7_2_00007FF8E5984620 PyArg_ParseTuple,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,7_2_00007FF8E5984620
Source: C:\Users\user\Desktop\user.exe Code function: 7_2_00007FF8E5983430 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,Py_BuildValue,7_2_00007FF8E5983430
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 11 Masquerading | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 26 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph, image not preserved. Behavior Graph ID: 1584838; Sample: user.exe; Startdate: 06/01/2025; Architecture: WINDOWS; Score: 60. Processes shown: user.exe instances that each drop PE32+ files (C:\Users\...\backend_c.cp313-win_amd64.pyd, C:\Users\user\...\_cffi.cp313-win_amd64.pyd, C:\Users\user\AppData\...\win32trace.pyd, and 29 other files, none of which is malicious) and start child user.exe processes; one user.exe starts cmd.exe, which starts conhost.exe. DNS/IP shown: api.telegram.org, 149.154.167.220, 443, 49782, 49789, TELEGRAMRU, United Kingdom. Signatures shown: Multi AV Scanner detection for submitted file; AI detected suspicious sample; Uses the Telegram API (likely for C&C communication); Found pyInstaller with non standard icon.]

Source | Detection | Scanner | Label | Link
user.exe | 12% | Virustotal | | Browse
user.exe | 5% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_brotli.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_cffi_backend.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\_wmi.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\libcrypto-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\libffi-8.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\libssl-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\python3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\python313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pythoncom313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\pywin32_system32\pywintypes313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\unicodedata.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\win32\_win32sysloader.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32api.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\win32\win32trace.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\_cffi.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75642\zstandard\backend_c.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\mfc140u.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\Pythonwin\win32ui.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_brotli.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_cffi_backend.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\_wmi.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\libcrypto-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\libffi-8.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\libssl-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\python3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\python313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pythoncom313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\pywin32_system32\pywintypes313.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\unicodedata.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI77602\win32\_win32sysloader.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://repository.swisssign.com/K | 0% | Avira URL Cloud | safe |
https://requests.read | 0% | Avira URL Cloud | safe |
http://repository.swisssign.com/g | 0% | Avira URL Cloud | safe |
http://python-hyper.org/en/latest/contributing.html | 0% | Avira URL Cloud | safe |
https://h2.readthedocs.io | 0% | Avira URL Cloud | safe |
https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error | 0% | Avira URL Cloud | safe |
http://repository.swisssign.com/m | 0% | Avira URL Cloud | safe |
https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error0 | 0% | Avira URL Cloud | safe |
https://h2.readthedocs.io/en/latest/ | 0% | Avira URL Cloud | safe |
http://ocsp.accv.es4~ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.telegram.org | 149.154.167.220 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/asweigart/pyperclip/issues/55 | user.exe, 00000007.00000002.1590791512.000002295A148000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://codecov.io/gh/python-hyper/h2 | user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.telegram.org/bot | user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/mhammond/pywin32 | user.exe, user.exe, 00000007.00000002.1600413520.00007FF8E5A52000.00000002.00000001.01000000.00000032.sdmp | false | | high
https://payments.google.com/payments/v4/js/integrator.jsExtensions | user.exe, 00000002.00000002.2623880663.000001B2968A8000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://repository.swisssign.com/K | user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/urllib3/urllib3/issues/2168 | user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | user.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/pyca/cryptography/actions?query=workflow%3ACI | user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file | user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://tools.ietf.org/html/rfc2388#section-4.4 | user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480894513.000002295980D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535652585.0000022959812000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1528011348.00000229597FB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.apache.org/licenses/LICENSE-2.0 | user.exe, 00000000.00000003.1366702047.0000027A3E32F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1366616298.0000027A3E32F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1366646900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1459342420.00000245209D1000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | user.exe, 00000002.00000003.1390949588.000001B295AEF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.accv.es/legislacion_c.htmcl5 | user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://packaging.python.org/en/latest/specifications/entry-points/#file-format | user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://repository.swisssign.com/g | user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/python-hyper/h2/workflows/CI/badge.svg | user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.telegram.org/bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage | user.exe, 00000002.00000002.2623880663.000001B296850000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/orgs/python-hyper/people | user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621634585.000001B295D40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://cacerts.digi | user.exe, 00000000.00000003.1365161477.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382049145.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.1382942130.0000027A3E32E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1452786524.00000245209C3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1467693768.00000245209C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://peps.python.org/pep-0205/ | user.exe, 00000002.00000003.1385108111.000001B2956B1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621508196.000001B295C40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585008614.0000022959570000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1470465704.00000229575DB000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.dhimyotis.com/certignarootca.crl | user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535125970.0000022959B14000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1534313123.0000022959B29000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588628384.0000022959B2E000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://curl.haxx.se/rfc/cookie_spec.html | user.exe, 00000002.00000003.1392791148.000001B296102000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2623641827.000001B2965C0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481704199.000002295994C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481495642.0000022959A20000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.accv.es | user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/urllib3/urllib3/issues/3020 | user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://readthedocs.org/projects/h2/badge/?version=latest | user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename | user.exe, 00000002.00000002.2619623100.000001B295490000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy | user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | user.exe, 00000002.00000003.1387568398.000001B2956D8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2620603180.000001B2956B0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387249458.000001B2956DF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2619623100.000001B295514000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000003.1387801808.000001B2956DE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                            https://httpbin.org/getuser.exe, 00000002.00000003.1421141726.000001B2960DE000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B29612A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520071289.0000022959A4C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598BB000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545326033.0000022959911000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556811900.0000022959912000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524380998.00000229598B1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.00000229598B2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1578585574.0000022959A62000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1554991563.000002295942E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556103241.00000229598B3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959A43000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584628060.0000022959475000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1549008784.0000022959A62000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526721995.0000022959905000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://h2.readthedocs.iouser.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://ocsp.accv.es4~user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codeuser.exe, 00000002.00000002.2619623100.000001B295490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://wwww.certigna.fr/autorites/0muser.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1534313123.0000022959B29000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588628384.0000022959B2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readeruser.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://payments.google.com/payments/v4/js/integrator.jsuser.exe, 00000002.00000002.2623880663.000001B2968A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://raw.github.com/python-hyper/documentation/master/source/logo/hyper-black-bg-white.pnguser.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/python/cpython/issues/86361.user.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295B7D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390303985.000001B295A34000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389494302.000001B295E80000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295B67000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584131705.00000229593BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://repository.swisssign.com/muser.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://httpbin.org/user.exe, 00000007.00000003.1545611948.0000022959490000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.apache.org/licenses/user.exe, 00000000.00000003.1366646900.0000027A3E321000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1458538738.00000245209C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://requests.readuser.exe, 00000002.00000003.1390949588.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1390060263.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389176083.000001B295B7E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1389544051.000001B295B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainuser.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://wwww.certigna.fr/autorites/user.exe, 00000002.00000003.1421492929.000001B2961F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1534313123.0000022959B29000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588628384.0000022959B2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleuser.exe, 00000002.00000002.2619623100.000001B295490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesuser.exe, 00000002.00000002.2619623100.000001B295490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532495083.0000022959516000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1574461610.0000022959516000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524506481.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://cryptography.io/en/latest/installation/user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syuser.exe, 00000002.00000002.2619126307.000001B293BA8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527184461.00000229575A2000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1562515908.00000229575D1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1563292594.0000022959173000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1579761417.0000022959175000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://python-hyper.org/en/latest/contributing.htmluser.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadatauser.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error0user.exe, 00000007.00000002.1590791512.000002295A15C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://crl.securetrust.com/STCA.crluser.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://h2.readthedocs.io/en/latest/user.exe, 00000000.00000003.1369355123.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1462146123.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://wwwsearch.sf.net/):user.exe, 00000002.00000003.1392791148.000001B296102000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1584186864.00000229593D8000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481704199.000002295994C000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481495642.0000022959A20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/python/importlib_metadata/wiki/Development-Methodologyuser.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.accv.es/legislacion_c.htmuser.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tools.ietf.org/html/rfc6125#section-6.4.3user.exe, 00000002.00000002.2623527530.000001B2964C0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://cryptography.io/en/latest/security/user.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crl.xrampsecurity.com/XGCA.crl0user.exe, 00000002.00000003.1421492929.000001B29611B000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B29610A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1586342647.00000229598FA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545326033.0000022959911000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556811900.0000022959912000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1530468425.00000229598F9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526721995.0000022959905000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.cert.fnmt.es/dpcs/user.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1535125970.0000022959B14000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1554991563.000002295942E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525011279.000002295941F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524234410.000002295941E000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1556347958.000002295947E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://google.com/mailuser.exe, 00000002.00000002.2621747627.000001B295EDA000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B295FDD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520665223.00000229598D5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1557709596.0000022959890000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1525493888.0000022959844000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://packaging.python.org/specifications/entry-points/user.exe, 00000002.00000002.2623303617.000001B296260000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.2623413937.000001B296370000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1588969154.0000022959B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.accv.es00user.exe, 00000002.00000003.1421492929.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421141726.000001B2961CD000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621747627.000001B296174000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1532372203.0000022959AE5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1518981653.0000022959AA7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000002.1587771128.0000022959AFF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545235200.0000022959AFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.python.org/psf/license/)user.exe, 00000002.00000002.2631025301.00007FF8E78F8000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyuser.exe, 00000007.00000003.1524321430.0000022959170000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.google.com/user.exe, 00000002.00000002.2624678476.000001B297144000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://github.com/pyca/cryptography/issuesuser.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://readthedocs.org/projects/cryptography/badge/?version=latestuser.exe, 00000000.00000003.1366313980.0000027A3E324000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000005.00000003.1457542424.00000245209C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://foss.heptapod.net/pypy/pypy/-/issues/3539user.exe, 00000002.00000003.1392435767.000001B295F24000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621634585.000001B295D40000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000002.1585152494.0000022959670000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.user.exe, 00000002.00000003.1392364563.000001B295F92000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959515000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1526338996.0000022959533000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.0000022959515000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://google.com/user.exe, 00000002.00000002.2621109580.000001B295A20000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.1421669744.000001B295AD7000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1481946088.000002295947D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1524116544.000002295948F000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1561217432.00000229594F0000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1520563388.000002295948A000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1480691004.0000022959495000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1482351531.000002295948D000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1527277139.00000229594ED000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000007.00000003.1545714532.00000229594EF000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | | 62041 | TELEGRAMRU | false
                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                        Analysis ID:1584838
                                                                                                                                                                                        Start date and time:2025-01-06 16:01:11 +01:00
                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                        Overall analysis duration:0h 11m 12s
                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                        Report type:full
                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                        Number of analysed new started processes analysed:17
                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                        Number of injected processes analysed:1
                                                                                                                                                                                        Technologies:
                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                        Sample name:user.exe
                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                        Classification:mal60.troj.evad.winEXE@12/145@1/1
                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                        • Number of executed functions: 68
                                                                                                                                                                                        • Number of non-executed functions: 269
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56, 172.202.163.200
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:02:13 | Task Scheduler | Run new task: WindowsUpdateService path: C:\Users\user\Desktop\user.exe
Match | Associated Sample Name / URL | Detection | Threat Name
149.154.167.220 | UpdaterTool.exe | malicious | Unknown
149.154.167.220 | document pdf.exe | malicious | Snake Keylogger, VIP Keylogger
149.154.167.220 | fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | kP8EgMorTr.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=vyczmuFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#changyeol.choi@hyundaielevator.com | malicious | Unknown
149.154.167.220 | https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=rmgfuFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#kh.jang@hyundaimovex.com | malicious | Unknown
149.154.167.220 | https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=olgelfuabFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#kh.jang@hyundaimovex.com | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.telegram.org | UpdaterTool.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | document pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | kP8EgMorTr.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | UpdaterTool.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | document pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | fiyati_teklif 615TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | kP8EgMorTr.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220
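No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | UpdaterTool.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | main.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | user.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | DeltaX.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | winws1.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\mfc140u.dll | discord.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd | UpdaterTool.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd | user.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI75642\Pythonwin\win32ui.pyd | List Furniture.bat | malicious | Python Stealer, Braodo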
Process: C:\Users\user\Desktop\user.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 5653536
Entropy (8bit): 6.729079283804055
Encrypted: false
SSDEEP: 49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
MD5: CD1D99DF975EE5395174DF834E82B256
SHA1: F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
SHA-256: D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
SHA-512: 397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: UpdaterTool.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: user.exe, Detection: malicious
• Filename: DeltaX.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: winws1.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: discord.exe, Detection: malicious
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\user.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1044992
Entropy (8bit): 6.005174713821525
Encrypted: false
SSDEEP: 12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
MD5: 9AF5F53A9201B7E62AC91EDC8AB89C6A
SHA1: 4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
SHA-256: F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
SHA-512: 0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: UpdaterTool.exe, Detection: malicious
• Filename: user.exe, Detection: malicious
• Filename: List Furniture.bat, Detection: malicious
Reputation: low
Process: C:\Users\user\Desktop\user.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 120400
Entropy (8bit): 6.6017475353076716
Encrypted: false
SSDEEP: 1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5: 862F820C3251E4CA6FC0AC00E4092239
SHA1: EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):823808
                                                                                                                                                                                                                                      Entropy (8bit):6.062213302300903
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:XO85hNmCUoltfSNAHhlyp8aXTw05nmZfR:XTT6AzRAmZfR
                                                                                                                                                                                                                                      MD5:5ED46A7126DBDB70F3C60530E35BA035
                                                                                                                                                                                                                                      SHA1:B5C0DCBE3EE42E258CADD54AC46F70F1F903AE1B
                                                                                                                                                                                                                                      SHA-256:67DFA82DCAED04ED3F358D84B18D1375D59126161DE92E00164D36087B179D4D
                                                                                                                                                                                                                                      SHA-512:7F5D2B52C310A239182EEDD60833951D46CDD18CA2EDD828FCABED4299B2AB5DF506A2B271E33F129D0256D6DB90F9C902EE4D18A7E41CA61F65365504451DE0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179200
                                                                                                                                                                                                                                      Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                      MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                      SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                      SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                      SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5440
                                                                                                                                                                                                                                      Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                      MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                                                      SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                                                      SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                                                      SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15485
                                                                                                                                                                                                                                      Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:1XxTB7oz5jF4EHRThXsI4WPm6LciTwqU+NX6in5hqw/t+B:1XX7ohCE3sIPm6LciTwqU+96inhgB
                                                                                                                                                                                                                                      MD5:196EB487FE23136C14B43FE28FD62DAD
                                                                                                                                                                                                                                      SHA1:B7878EA852FA6C6A9B173E60B81029B5B00BA691
                                                                                                                                                                                                                                      SHA-256:4032FF71C85740D209A454E06F96CBC56302ACEC18E1BD539D39369292DB2110
                                                                                                                                                                                                                                      SHA-512:F2052E1F42C8EC69DCF501FFA32B27AEC939E769786BEE1F95C24466C774987F5AA8C13B5996D6C59D04755442EB421E53E0AE5EE0148872F9BD9FE01CF3FC8E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                                      Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                      MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                      SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                      SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                      SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                      MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                      SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                      SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                      SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                      MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                      SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                      SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                      SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                      MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                      SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                      SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                      SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7834624
                                                                                                                                                                                                                                      Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                                      MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                                      SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                                      SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                                      SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1102
                                                                                                                                                                                                                                      Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:bOLRrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bOLRaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                      MD5:AA3B9B4395563DD427BE5F022EC321C1
                                                                                                                                                                                                                                      SHA1:80129BCE9030CF215FC93006DCE98B0BA8C778F8
                                                                                                                                                                                                                                      SHA-256:7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
                                                                                                                                                                                                                                      SHA-512:62337AD684E4AA1192DBA00503EED316F28F6480ACEA90442774BE544C970C3F9012933B451C036DB3AC388C495153D6C9FA04E1844E0A483E8E767218B90690
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3583
                                                                                                                                                                                                                                      Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:D7evWamPktjxsxMMrgfHcxfS+UvWQH46o1WvUXCR:+RsMCgfGfS+UvW63MyR
                                                                                                                                                                                                                                      MD5:566784A778E8B69F205F14DAC1D57817
                                                                                                                                                                                                                                      SHA1:B1B850F3D43CC453086BED7034675426F81C9BDE
                                                                                                                                                                                                                                      SHA-256:C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
                                                                                                                                                                                                                                      SHA-512:CFD127A2868E94E5F4FAFAB78A3153094D45F6538AE77642ADE9FABC5580D47DA2EC40A2EB7BF11FD6F5A21553A4489F5278B76AC017D738B64C4C9579B38D55
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                                                                                      Entropy (8bit):5.8211741515807445
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:pnuXipSpe7lLCDHPk0M3T429PTW/2B7V0Wh85dGlLt4qYt29tw:sXEFgHe3T42VTW/2tV0MmdGlLtnY89m
                                                                                                                                                                                                                                      MD5:D87AEDCBB68CBE9452841B2CCF60912D
                                                                                                                                                                                                                                      SHA1:A52A782A2954A756483F58BC96007BA4183FA020
                                                                                                                                                                                                                                      SHA-256:2064CC9A20B0FB9F6BC1D8BB5C819AAC32A729C2D0CAD20933E1CD88397B84BB
                                                                                                                                                                                                                                      SHA-512:D2F863769FAFA427020C59FA0CCE704B4487D30FF8D5398FEB3724AFEFC273DC006CF16F2B24B875C3EC8550B74E09F02B910A8AC78C7A70A0F8D0496BE1DEA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-313.pyc,,..h2/__pycache__/config.cpython-313.pyc,,..h2/__pycache__/connection.cpython-313.pyc,,..h2/__pycache__/errors.cpython-313.pyc,,..h2/__pycache__/events.cpython-313.pyc,,..h2/__pycache__/exceptions.cpython-313.pyc,,..h2/__pycache__/frame_buffer.cpython-313.pyc,,..h2/__pycache__/settings.cpython-313.pyc,,..h2/__pycache__/stream.cpython-313.pyc,,..h2/__pycache__/utilities.cpython-313.pyc,,..h2/__pycache__/windows.cpython-313.pyc,,..h2/config
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                      Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                                      MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                                      SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                                      SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                                      SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Vn:V
                                                                                                                                                                                                                                      MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                      SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                      SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                      SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):678400
                                                                                                                                                                                                                                      Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                      MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                      SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                      SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                      SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):135680
                                                                                                                                                                                                                                      Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                      MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                      SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                      SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                      SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                      Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                      MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                      SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                      SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                      SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133632
                                                                                                                                                                                                                                      Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                      MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                      SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                      SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                      SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):24064
                                                                                                                                                                                                                                      Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                      MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                      SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                      SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                      SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):650752
                                                                                                                                                                                                                                      Entropy (8bit):6.407907101203656
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:Oz5QLUL4lK9bQkMZ/jZMaBHX7vu3XSAU128zkpWCucchvkf8HpbUPAKjgCX3oRx:Ozb4lK9ckWBHXKSA584ENcyv6sUPAKg
                                                                                                                                                                                                                                      MD5:0C4037C8EE7D926265B6AC499C323599
                                                                                                                                                                                                                                      SHA1:B2F5B324449814C25E7262E2B7598B2596AD34B8
                                                                                                                                                                                                                                      SHA-256:5134A34833CDCDC64546BEB50AABFC09496F457FFB76F6ECDE01E8D9D30BC177
                                                                                                                                                                                                                                      SHA-512:99C5CBA330D1266D46F51348CD1D08920385E42A41ED9BA53AACB5E39C9297B7153BB0F66EAC157D1869877D718BF24486E78033A2F2218E7891E415FE9EC2FD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):520192
                                                                                                                                                                                                                                      Entropy (8bit):6.408267868238645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:AL1TGmvt0Vwyow0k1rErgw25rDjEA0Z7k45sWOC:A5lvt0Vw9fk1rErV25rE57k
                                                                                                                                                                                                                                      MD5:23266E25821CE9E162F050DB8B81C6F9
                                                                                                                                                                                                                                      SHA1:FD1049338E304D7688562991091D59C310999B23
                                                                                                                                                                                                                                      SHA-256:0B494D168A67F2EB2D75593714A4DB65FE0F000B66388AB3C721A67515A2FEFC
                                                                                                                                                                                                                                      SHA-512:E118531A6BF5354BF082D4CEAAF5247FEA3305A9ADD399ECBBE08AB083D39AB760F3CA28A0DD2B4D5D8400F3E88EC3DECD696E3987FB9F2264A5B8B16F66A61B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5653536
                                                                                                                                                                                                                                      Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                      MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                      SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                      SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                      SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1044992
                                                                                                                                                                                                                                      Entropy (8bit):6.005174713821525
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
                                                                                                                                                                                                                                      MD5:9AF5F53A9201B7E62AC91EDC8AB89C6A
                                                                                                                                                                                                                                      SHA1:4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
                                                                                                                                                                                                                                      SHA-256:F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
                                                                                                                                                                                                                                      SHA-512:0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):823808
                                                                                                                                                                                                                                      Entropy (8bit):6.062213302300903
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:XO85hNmCUoltfSNAHhlyp8aXTw05nmZfR:XTT6AzRAmZfR
                                                                                                                                                                                                                                      MD5:5ED46A7126DBDB70F3C60530E35BA035
                                                                                                                                                                                                                                      SHA1:B5C0DCBE3EE42E258CADD54AC46F70F1F903AE1B
                                                                                                                                                                                                                                      SHA-256:67DFA82DCAED04ED3F358D84B18D1375D59126161DE92E00164D36087B179D4D
                                                                                                                                                                                                                                      SHA-512:7F5D2B52C310A239182EEDD60833951D46CDD18CA2EDD828FCABED4299B2AB5DF506A2B271E33F129D0256D6DB90F9C902EE4D18A7E41CA61F65365504451DE0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179200
                                                                                                                                                                                                                                      Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                      MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                      SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                      SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                      SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5440
                                                                                                                                                                                                                                      Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                      MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                                                      SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                                                      SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                                                      SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15485
                                                                                                                                                                                                                                      Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:1XxTB7oz5jF4EHRThXsI4WPm6LciTwqU+NX6in5hqw/t+B:1XX7ohCE3sIPm6LciTwqU+96inhgB
                                                                                                                                                                                                                                      MD5:196EB487FE23136C14B43FE28FD62DAD
                                                                                                                                                                                                                                      SHA1:B7878EA852FA6C6A9B173E60B81029B5B00BA691
                                                                                                                                                                                                                                      SHA-256:4032FF71C85740D209A454E06F96CBC56302ACEC18E1BD539D39369292DB2110
                                                                                                                                                                                                                                      SHA-512:F2052E1F42C8EC69DCF501FFA32B27AEC939E769786BEE1F95C24466C774987F5AA8C13B5996D6C59D04755442EB421E53E0AE5EE0148872F9BD9FE01CF3FC8E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                                      Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                      MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                      SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                      SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                      SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                      MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                      SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                      SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                      SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                      MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                      SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                      SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                      SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                      MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                      SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                      SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                      SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7834624
                                                                                                                                                                                                                                      Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                                      MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                                      SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                                      SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                                      SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1102
                                                                                                                                                                                                                                      Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:bOLRrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bOLRaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                      MD5:AA3B9B4395563DD427BE5F022EC321C1
                                                                                                                                                                                                                                      SHA1:80129BCE9030CF215FC93006DCE98B0BA8C778F8
                                                                                                                                                                                                                                      SHA-256:7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
                                                                                                                                                                                                                                      SHA-512:62337AD684E4AA1192DBA00503EED316F28F6480ACEA90442774BE544C970C3F9012933B451C036DB3AC388C495153D6C9FA04E1844E0A483E8E767218B90690
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3583
                                                                                                                                                                                                                                      Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:D7evWamPktjxsxMMrgfHcxfS+UvWQH46o1WvUXCR:+RsMCgfGfS+UvW63MyR
                                                                                                                                                                                                                                      MD5:566784A778E8B69F205F14DAC1D57817
                                                                                                                                                                                                                                      SHA1:B1B850F3D43CC453086BED7034675426F81C9BDE
                                                                                                                                                                                                                                      SHA-256:C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
                                                                                                                                                                                                                                      SHA-512:CFD127A2868E94E5F4FAFAB78A3153094D45F6538AE77642ADE9FABC5580D47DA2EC40A2EB7BF11FD6F5A21553A4489F5278B76AC017D738B64C4C9579B38D55
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                                                                                      Entropy (8bit):5.8211741515807445
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:pnuXipSpe7lLCDHPk0M3T429PTW/2B7V0Wh85dGlLt4qYt29tw:sXEFgHe3T42VTW/2tV0MmdGlLtnY89m
                                                                                                                                                                                                                                      MD5:D87AEDCBB68CBE9452841B2CCF60912D
                                                                                                                                                                                                                                      SHA1:A52A782A2954A756483F58BC96007BA4183FA020
                                                                                                                                                                                                                                      SHA-256:2064CC9A20B0FB9F6BC1D8BB5C819AAC32A729C2D0CAD20933E1CD88397B84BB
                                                                                                                                                                                                                                      SHA-512:D2F863769FAFA427020C59FA0CCE704B4487D30FF8D5398FEB3724AFEFC273DC006CF16F2B24B875C3EC8550B74E09F02B910A8AC78C7A70A0F8D0496BE1DEA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-313.pyc,,..h2/__pycache__/config.cpython-313.pyc,,..h2/__pycache__/connection.cpython-313.pyc,,..h2/__pycache__/errors.cpython-313.pyc,,..h2/__pycache__/events.cpython-313.pyc,,..h2/__pycache__/exceptions.cpython-313.pyc,,..h2/__pycache__/frame_buffer.cpython-313.pyc,,..h2/__pycache__/settings.cpython-313.pyc,,..h2/__pycache__/stream.cpython-313.pyc,,..h2/__pycache__/utilities.cpython-313.pyc,,..h2/__pycache__/windows.cpython-313.pyc,,..h2/config
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                      Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                                      MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                                      SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                                      SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                                      SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Vn:V
                                                                                                                                                                                                                                      MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                      SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                      SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                      SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):678400
                                                                                                                                                                                                                                      Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                      MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                      SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                      SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                      SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):135680
                                                                                                                                                                                                                                      Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                      MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                      SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                      SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                      SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                      Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                      MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                      SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                      SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                      SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133632
                                                                                                                                                                                                                                      Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                      MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                      SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                      SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                      SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):24064
                                                                                                                                                                                                                                      Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                      MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                      SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                      SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                      SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):650752
                                                                                                                                                                                                                                      Entropy (8bit):6.407907101203656
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:Oz5QLUL4lK9bQkMZ/jZMaBHX7vu3XSAU128zkpWCucchvkf8HpbUPAKjgCX3oRx:Ozb4lK9ckWBHXKSA584ENcyv6sUPAKg
                                                                                                                                                                                                                                      MD5:0C4037C8EE7D926265B6AC499C323599
                                                                                                                                                                                                                                      SHA1:B2F5B324449814C25E7262E2B7598B2596AD34B8
                                                                                                                                                                                                                                      SHA-256:5134A34833CDCDC64546BEB50AABFC09496F457FFB76F6ECDE01E8D9D30BC177
                                                                                                                                                                                                                                      SHA-512:99C5CBA330D1266D46F51348CD1D08920385E42A41ED9BA53AACB5E39C9297B7153BB0F66EAC157D1869877D718BF24486E78033A2F2218E7891E415FE9EC2FD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):520192
                                                                                                                                                                                                                                      Entropy (8bit):6.408267868238645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:AL1TGmvt0Vwyow0k1rErgw25rDjEA0Z7k45sWOC:A5lvt0Vw9fk1rErV25rE57k
                                                                                                                                                                                                                                      MD5:23266E25821CE9E162F050DB8B81C6F9
                                                                                                                                                                                                                                      SHA1:FD1049338E304D7688562991091D59C310999B23
                                                                                                                                                                                                                                      SHA-256:0B494D168A67F2EB2D75593714A4DB65FE0F000B66388AB3C721A67515A2FEFC
                                                                                                                                                                                                                                      SHA-512:E118531A6BF5354BF082D4CEAAF5247FEA3305A9ADD399ECBBE08AB083D39AB760F3CA28A0DD2B4D5D8400F3E88EC3DECD696E3987FB9F2264A5B8B16F66A61B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5653536
                                                                                                                                                                                                                                      Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                      MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                      SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                      SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                      SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1044992
                                                                                                                                                                                                                                      Entropy (8bit):6.005174713821525
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
                                                                                                                                                                                                                                      MD5:9AF5F53A9201B7E62AC91EDC8AB89C6A
                                                                                                                                                                                                                                      SHA1:4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
                                                                                                                                                                                                                                      SHA-256:F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
                                                                                                                                                                                                                                      SHA-512:0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):823808
                                                                                                                                                                                                                                      Entropy (8bit):6.062213302300903
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:XO85hNmCUoltfSNAHhlyp8aXTw05nmZfR:XTT6AzRAmZfR
                                                                                                                                                                                                                                      MD5:5ED46A7126DBDB70F3C60530E35BA035
                                                                                                                                                                                                                                      SHA1:B5C0DCBE3EE42E258CADD54AC46F70F1F903AE1B
                                                                                                                                                                                                                                      SHA-256:67DFA82DCAED04ED3F358D84B18D1375D59126161DE92E00164D36087B179D4D
                                                                                                                                                                                                                                      SHA-512:7F5D2B52C310A239182EEDD60833951D46CDD18CA2EDD828FCABED4299B2AB5DF506A2B271E33F129D0256D6DB90F9C902EE4D18A7E41CA61F65365504451DE0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):179200
                                                                                                                                                                                                                                      Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                      MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                      SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                      SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                      SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5440
                                                                                                                                                                                                                                      Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                      MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                                                      SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                                                      SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                                                      SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):15485
                                                                                                                                                                                                                                      Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:1XxTB7oz5jF4EHRThXsI4WPm6LciTwqU+NX6in5hqw/t+B:1XX7ohCE3sIPm6LciTwqU+96inhgB
                                                                                                                                                                                                                                      MD5:196EB487FE23136C14B43FE28FD62DAD
                                                                                                                                                                                                                                      SHA1:B7878EA852FA6C6A9B173E60B81029B5B00BA691
                                                                                                                                                                                                                                      SHA-256:4032FF71C85740D209A454E06F96CBC56302ACEC18E1BD539D39369292DB2110
                                                                                                                                                                                                                                      SHA-512:F2052E1F42C8EC69DCF501FFA32B27AEC939E769786BEE1F95C24466C774987F5AA8C13B5996D6C59D04755442EB421E53E0AE5EE0148872F9BD9FE01CF3FC8E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                                      Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                      MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                      SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                      SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                      SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                      MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                      SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                      SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                      SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                      MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                      SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                      SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                      SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                      MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                      SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                      SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                      SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):7834624
                                                                                                                                                                                                                                      Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                                      MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                                      SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                                      SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                                      SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1102
                                                                                                                                                                                                                                      Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:bOLRrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bOLRaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                      MD5:AA3B9B4395563DD427BE5F022EC321C1
                                                                                                                                                                                                                                      SHA1:80129BCE9030CF215FC93006DCE98B0BA8C778F8
                                                                                                                                                                                                                                      SHA-256:7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
                                                                                                                                                                                                                                      SHA-512:62337AD684E4AA1192DBA00503EED316F28F6480ACEA90442774BE544C970C3F9012933B451C036DB3AC388C495153D6C9FA04E1844E0A483E8E767218B90690
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3583
                                                                                                                                                                                                                                      Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:D7evWamPktjxsxMMrgfHcxfS+UvWQH46o1WvUXCR:+RsMCgfGfS+UvW63MyR
                                                                                                                                                                                                                                      MD5:566784A778E8B69F205F14DAC1D57817
                                                                                                                                                                                                                                      SHA1:B1B850F3D43CC453086BED7034675426F81C9BDE
                                                                                                                                                                                                                                      SHA-256:C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
                                                                                                                                                                                                                                      SHA-512:CFD127A2868E94E5F4FAFAB78A3153094D45F6538AE77642ADE9FABC5580D47DA2EC40A2EB7BF11FD6F5A21553A4489F5278B76AC017D738B64C4C9579B38D55
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                                                                                      Entropy (8bit):5.8211741515807445
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:pnuXipSpe7lLCDHPk0M3T429PTW/2B7V0Wh85dGlLt4qYt29tw:sXEFgHe3T42VTW/2tV0MmdGlLtnY89m
                                                                                                                                                                                                                                      MD5:D87AEDCBB68CBE9452841B2CCF60912D
                                                                                                                                                                                                                                      SHA1:A52A782A2954A756483F58BC96007BA4183FA020
                                                                                                                                                                                                                                      SHA-256:2064CC9A20B0FB9F6BC1D8BB5C819AAC32A729C2D0CAD20933E1CD88397B84BB
                                                                                                                                                                                                                                      SHA-512:D2F863769FAFA427020C59FA0CCE704B4487D30FF8D5398FEB3724AFEFC273DC006CF16F2B24B875C3EC8550B74E09F02B910A8AC78C7A70A0F8D0496BE1DEA5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-313.pyc,,..h2/__pycache__/config.cpython-313.pyc,,..h2/__pycache__/connection.cpython-313.pyc,,..h2/__pycache__/errors.cpython-313.pyc,,..h2/__pycache__/events.cpython-313.pyc,,..h2/__pycache__/exceptions.cpython-313.pyc,,..h2/__pycache__/frame_buffer.cpython-313.pyc,,..h2/__pycache__/settings.cpython-313.pyc,,..h2/__pycache__/stream.cpython-313.pyc,,..h2/__pycache__/utilities.cpython-313.pyc,,..h2/__pycache__/windows.cpython-313.pyc,,..h2/config
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                      Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                                      MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                                      SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                                      SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                                      SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Vn:V
                                                                                                                                                                                                                                      MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                      SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                      SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                      SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:h2.
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):678400
                                                                                                                                                                                                                                      Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                      MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                      SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                      SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                      SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):135680
                                                                                                                                                                                                                                      Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                      MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                      SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                      SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                      SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                      Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                      MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                      SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                      SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                      SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):133632
                                                                                                                                                                                                                                      Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                      MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                      SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                      SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                      SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):24064
                                                                                                                                                                                                                                      Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                      MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                      SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                      SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                      SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):650752
                                                                                                                                                                                                                                      Entropy (8bit):6.407907101203656
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:Oz5QLUL4lK9bQkMZ/jZMaBHX7vu3XSAU128zkpWCucchvkf8HpbUPAKjgCX3oRx:Ozb4lK9ckWBHXKSA584ENcyv6sUPAKg
                                                                                                                                                                                                                                      MD5:0C4037C8EE7D926265B6AC499C323599
                                                                                                                                                                                                                                      SHA1:B2F5B324449814C25E7262E2B7598B2596AD34B8
                                                                                                                                                                                                                                      SHA-256:5134A34833CDCDC64546BEB50AABFC09496F457FFB76F6ECDE01E8D9D30BC177
                                                                                                                                                                                                                                      SHA-512:99C5CBA330D1266D46F51348CD1D08920385E42A41ED9BA53AACB5E39C9297B7153BB0F66EAC157D1869877D718BF24486E78033A2F2218E7891E415FE9EC2FD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):520192
                                                                                                                                                                                                                                      Entropy (8bit):6.408267868238645
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:AL1TGmvt0Vwyow0k1rErgw25rDjEA0Z7k45sWOC:A5lvt0Vw9fk1rErV25rE57k
                                                                                                                                                                                                                                      MD5:23266E25821CE9E162F050DB8B81C6F9
                                                                                                                                                                                                                                      SHA1:FD1049338E304D7688562991091D59C310999B23
                                                                                                                                                                                                                                      SHA-256:0B494D168A67F2EB2D75593714A4DB65FE0F000B66388AB3C721A67515A2FEFC
                                                                                                                                                                                                                                      SHA-512:E118531A6BF5354BF082D4CEAAF5247FEA3305A9ADD399ECBBE08AB083D39AB760F3CA28A0DD2B4D5D8400F3E88EC3DECD696E3987FB9F2264A5B8B16F66A61B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................k...........k.....k.....k.....l......T..l.....l.....ln....l....Rich..................PE..d....'.f.........." ...(............ ........................................0............`......................................... ...d........................)........... ..d...0\...............................Z..@...............(............................text...H........................... ..`.rdata.............................@..@.data....-.......(..................@....pdata...).......*..................@..@.rsrc...............................@..@.reloc..d.... ......................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                                                                                      Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                      MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                      SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                      SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                      SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):10
                                                                                                                                                                                                                                      Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                      MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                      SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                      SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                      SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:..K....}..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (387), with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):778
                                                                                                                                                                                                                                      Entropy (8bit):5.516961503328842
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12:5vIMN0CNrrhvEAQHj9LgYMd7mtY9tPc+KxkWIMN0CNrrhvEAQHj9LgYMd7mtY9tB:5vIQXhcdG7/kKWIQXhcdG7/kU
                                                                                                                                                                                                                                      MD5:CECAF5EA2737B33CFDB51FFFF439C952
                                                                                                                                                                                                                                      SHA1:3C8894BB04A37C431683D7FA2F6FEA5C71CAA02A
                                                                                                                                                                                                                                      SHA-256:3DABC84DDF621C31F88239A595961CED7A92E69F4ABB9717BAAC1BC5A5E0E0B8
                                                                                                                                                                                                                                      SHA-512:2E455E6FC8B26F8694D70609D505660AA4C446467609231D10E63E1E184500BB2C8443001A0CA26DBE923FAD20EBAA85FBD7CE3E0F327BAF557F53D4DFC69AFB
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2025-01-06 12:01:48,409 - ERROR - Error sending Telegram message: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1020)')))..2025-01-06 12:01:49,168 - ERROR - Error sending Telegram message: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1020)')))..
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (387), with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):778
                                                                                                                                                                                                                                      Entropy (8bit):5.515876302847998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12:DJJGIMN0CNrrhvEAQHj9LgYMd7mtY9tPc+KxCOWIMN0CNrrhvEAQHj9LgYMd7mt+:DLGIQXhcdG7/kZWIQXhcdG7/kU
                                                                                                                                                                                                                                      MD5:3029AC7700C64C8D41C8D0E4BC819DD7
                                                                                                                                                                                                                                      SHA1:42E57AF5EBF26AB18D9C0E4DDFE31BCCAE10F8E3
                                                                                                                                                                                                                                      SHA-256:530B0D71C0EBA75923C1021BC5991D725B2FB3EE0404921446F4DAEC6B4E04E4
                                                                                                                                                                                                                                      SHA-512:1E521D6B7F944F90363DF3C8B8865A680BC92A360D1FF182D8CD4096901412601F16C41A881586ADE6C99F514560A6CE87291A0E3C4B168022820BD672CC91F8
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2025-01-06 12:02:07,439 - ERROR - Error sending Telegram message: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1020)')))..2025-01-06 12:02:08,112 - ERROR - Error sending Telegram message: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot8198088572:AAHuCRMqYLAInPh6sc5IXCxLBzQUYapjKZ8/sendMessage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1020)')))..
                                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Entropy (8bit):7.994589178330262
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                      File name:user.exe
                                                                                                                                                                                                                                      File size:16'756'993 bytes
                                                                                                                                                                                                                                      MD5:5cc8a6ec6d6fc9d98ef59c905274e4c3
                                                                                                                                                                                                                                      SHA1:bbd7891793055343f045807124138701beb2937c
                                                                                                                                                                                                                                      SHA256:c330b29ffa94084d183e23e4ed0bbbd864e51523ab9df30a09b78078fc5cfc00
                                                                                                                                                                                                                                      SHA512:6736892be97e5103327a2f1dbf0cbeb191500e3c9b50cc0471fbbb83f473bdc68c14af45e8926922d32e740f5d9005ab45b4f0034a70d6ea6db78d46bb173dfa
                                                                                                                                                                                                                                      SSDEEP:393216:kVlj87d5Io/Fa63huceXMCHWUjvcuIF//PGMhyCa:kVl8Zzr3hreXMb8k1//3Ra
                                                                                                                                                                                                                                      TLSH:5EF6331666D81F6ED7A381B498A0934DE415BF9F16B3C56AC2A47E123D631C04CBFCB2
                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..*\.Z*\.Z*\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z*\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..
                                                                                                                                                                                                                                      Icon Hash:0f33a9cdcdc96317
                                                                                                                                                                                                                                      Entrypoint:0x14000cdb0
                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                      Time Stamp:0x67704D3B [Sat Dec 28 19:10:51 2024 UTC]
                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                      Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                      mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                      jmp 00007FC040BFD7D7h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      cmp ecx, eax
                                                                                                                                                                                                                                      je 00007FC040BFD7E6h
                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      cmpxchg dword ptr [0003577Ch], ecx
                                                                                                                                                                                                                                      jne 00007FC040BFD7C0h
                                                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                                                      jmp 00007FC040BFD7C9h
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                                                      test ecx, ecx
                                                                                                                                                                                                                                      jne 00007FC040BFD7D9h
                                                                                                                                                                                                                                      mov byte ptr [00035765h], 00000001h
                                                                                                                                                                                                                                      call 00007FC040BFCF25h
                                                                                                                                                                                                                                      call 00007FC040BFE210h
                                                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                                                      jne 00007FC040BFD7D6h
                                                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                                                      jmp 00007FC040BFD7E6h
                                                                                                                                                                                                                                      call 00007FC040C0AD2Fh
                                                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                                                      jne 00007FC040BFD7DBh
                                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                                      call 00007FC040BFE220h
                                                                                                                                                                                                                                      jmp 00007FC040BFD7BCh
                                                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      inc eax
                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 20h
                                                                                                                                                                                                                                      cmp byte ptr [0003572Ch], 00000000h
                                                                                                                                                                                                                                      mov ebx, ecx
                                                                                                                                                                                                                                      jne 00007FC040BFD839h
                                                                                                                                                                                                                                      cmp ecx, 01h
                                                                                                                                                                                                                                      jnbe 00007FC040BFD83Ch
                                                                                                                                                                                                                                      call 00007FC040BFDD6Eh
                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                      je 00007FC040BFD7FAh
                                                                                                                                                                                                                                      test ebx, ebx
                                                                                                                                                                                                                                      jne 00007FC040BFD7F6h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      lea ecx, dword ptr [00035716h]
                                                                                                                                                                                                                                      call 00007FC040C0AB22h
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x10e34 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x764 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x29f00 | 0x2a000 | 2a7ae207b6295492e9da088072661752 | False | 0.5514439174107143 | data | 6.487454925709845 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12a50 | 0x12c00 | 9aa040933eae140a6bffbe5019b25316 | False | 0.5244661458333333 | data | 5.752622892794091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x44000 | 0x2250 | 0x2400 | f5559f14427a02f0a5dbd0dd026cae54 | False | 0.470703125 | data | 5.291665041994019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x47000 | 0x10e34 | 0x11000 | e963a5ba5d34917c3f18755597b3b01e | False | 0.13597196691176472 | data | 4.022502943941432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x58000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x470e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.12723293505264402 |
| RT_GROUP_ICON | 0x57910 | 0x14 | data | | | 1.15 |
| RT_MANIFEST | 0x57924 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
| --- | --- |
| USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:12.968075037 CET44349789149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:12.968153954 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:12.968622923 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:12.968636990 CET44349789149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.569895029 CET44349789149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.591777086 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.591803074 CET44349789149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.593348980 CET44349789149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.593425989 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.594516039 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:13.594629049 CET49789443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.235745907 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.235794067 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.235865116 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.236892939 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.236908913 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.856201887 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.857127905 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.857141018 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.858213902 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.858385086 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.860027075 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.860162973 CET44349903149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.860377073 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.860377073 CET49903443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.866811991 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.866842985 CET44349908149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.866920948 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.867377043 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:31.867391109 CET44349908149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.509147882 CET44349908149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.512417078 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.512434006 CET44349908149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.513459921 CET44349908149.154.167.220192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.513520956 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.533605099 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:32.533801079 CET49908443192.168.2.9149.154.167.220
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.442365885 CET5607753192.168.2.9162.159.36.2
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.447215080 CET5356077162.159.36.2192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.447290897 CET5607753192.168.2.9162.159.36.2
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.452105045 CET5356077162.159.36.2192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.916594982 CET5607753192.168.2.9162.159.36.2
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.921519995 CET5356077162.159.36.2192.168.2.9
                                                                                                                                                                                                                                      Jan 6, 2025 16:02:50.921590090 CET5607753192.168.2.9162.159.36.2
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 6, 2025 16:02:12.181469917 CET | 51470 | 53 | 192.168.2.9 | 1.1.1.1
Jan 6, 2025 16:02:12.188179970 CET | 53 | 51470 | 1.1.1.1 | 192.168.2.9
Jan 6, 2025 16:02:50.441827059 CET | 53 | 62653 | 162.159.36.2 | 192.168.2.9
Jan 6, 2025 16:02:50.976677895 CET | 53 | 61959 | 1.1.1.1 | 192.168.2.9

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 16:02:12.181469917 CET | 192.168.2.9 | 1.1.1.1 | 0xe0f4 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 16:02:12.188179970 CET | 1.1.1.1 | 192.168.2.9 | 0xe0f4 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                      Start time:10:02:05
                                                                                                                                                                                                                                      Start date:06/01/2025
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\user.exe"
                                                                                                                                                                                                                                      Imagebase:0x7ff653f00000
                                                                                                                                                                                                                                      File size:16'756'993 bytes
                                                                                                                                                                                                                                      MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                      Start time:10:02:07
                                                                                                                                                                                                                                      Start date:06/01/2025
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\user.exe"
                                                                                                                                                                                                                                      Imagebase:0x7ff653f00000
                                                                                                                                                                                                                                      File size:16'756'993 bytes
                                                                                                                                                                                                                                      MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                      Start time:10:02:13
                                                                                                                                                                                                                                      Start date:06/01/2025
                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                      Imagebase:0x7ff7bd430000
                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      Target ID:5
Start time:10:02:13
Start date:06/01/2025
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\user.exe
Imagebase:0x7ff653f00000
File size:16'756'993 bytes
MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:6
Start time:10:02:13
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f010000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:10:02:16
Start date:06/01/2025
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\user.exe
Imagebase:0x7ff653f00000
File size:16'756'993 bytes
MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:11
Start time:10:02:20
Start date:06/01/2025
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Imagebase:0x7ff653f00000
File size:16'756'993 bytes
MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:14
Start time:10:02:26
Start date:06/01/2025
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\user.exe" C:\Users\user\Desktop\user.exe
Imagebase:0x7ff653f00000
File size:16'756'993 bytes
MD5 hash:5CC8A6EC6D6FC9D98EF59C905274E4C3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:8.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:14.9%
Total number of Nodes:2000
Total number of Limit Nodes:38
17078 7ff653f13a81 17075->17078 17079 7ff653f13a5c 17076->17079 17080 7ff653f13ab0 17076->17080 17081 7ff653f13a20 17077->17081 17082 7ff653f139f1 17077->17082 17167 7ff653f11d54 17078->17167 17083 7ff653f13a5e 17079->17083 17084 7ff653f13a91 17079->17084 17086 7ff653f13ac7 17080->17086 17089 7ff653f13aba 17080->17089 17093 7ff653f13abf 17080->17093 17087 7ff653f139f7 17081->17087 17081->17093 17082->17086 17082->17087 17088 7ff653f13a00 17083->17088 17096 7ff653f13a6d 17083->17096 17174 7ff653f11944 17084->17174 17181 7ff653f146ac 17086->17181 17087->17088 17094 7ff653f13a32 17087->17094 17102 7ff653f13a1b 17087->17102 17105 7ff653f13af0 17088->17105 17147 7ff653f14158 17088->17147 17089->17078 17089->17093 17093->17105 17185 7ff653f12164 17093->17185 17094->17105 17157 7ff653f14494 17094->17157 17096->17078 17098 7ff653f13a72 17096->17098 17098->17105 17163 7ff653f14558 17098->17163 17099 7ff653f0c550 _log10_special 8 API calls 17101 7ff653f13dea 17099->17101 17101->17070 17102->17105 17106 7ff653f13cdc 17102->17106 17192 7ff653f147c0 17102->17192 17105->17099 17106->17105 17198 7ff653f1ea08 17106->17198 17108 7ff653f133fe 17107->17108 17109 7ff653f13414 17107->17109 17110 7ff653f139e6 17108->17110 17111 7ff653f13a57 17108->17111 17113 7ff653f13454 17108->17113 17112 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17109->17112 17109->17113 17114 7ff653f139ec 17110->17114 17115 7ff653f13a81 17110->17115 17116 7ff653f13a5c 17111->17116 17117 7ff653f13ab0 17111->17117 17112->17113 17113->17070 17118 7ff653f13a20 17114->17118 17119 7ff653f139f1 17114->17119 17122 7ff653f11d54 38 API calls 17115->17122 17120 7ff653f13a5e 17116->17120 17121 7ff653f13a91 17116->17121 17123 7ff653f13ac7 17117->17123 17125 7ff653f13aba 17117->17125 17129 7ff653f13abf 17117->17129 17124 7ff653f139f7 17118->17124 17118->17129 17119->17123 17119->17124 17132 7ff653f13a6d 17120->17132 17136 7ff653f13a00 17120->17136 17127 7ff653f11944 38 API calls 17121->17127 17140 7ff653f13a1b 
17122->17140 17126 7ff653f146ac 45 API calls 17123->17126 17130 7ff653f13a32 17124->17130 17124->17136 17124->17140 17125->17115 17125->17129 17126->17140 17127->17140 17128 7ff653f14158 47 API calls 17128->17140 17131 7ff653f12164 38 API calls 17129->17131 17142 7ff653f13af0 17129->17142 17133 7ff653f14494 46 API calls 17130->17133 17130->17142 17131->17140 17132->17115 17134 7ff653f13a72 17132->17134 17133->17140 17137 7ff653f14558 37 API calls 17134->17137 17134->17142 17135 7ff653f0c550 _log10_special 8 API calls 17138 7ff653f13dea 17135->17138 17136->17128 17136->17142 17137->17140 17138->17070 17139 7ff653f147c0 45 API calls 17143 7ff653f13cdc 17139->17143 17140->17139 17140->17142 17140->17143 17141 7ff653f1ea08 46 API calls 17141->17143 17142->17135 17143->17141 17143->17142 17383 7ff653f10fc8 17144->17383 17148 7ff653f1417e 17147->17148 17210 7ff653f10b80 17148->17210 17153 7ff653f147c0 45 API calls 17155 7ff653f142c3 17153->17155 17154 7ff653f14351 17154->17102 17155->17154 17156 7ff653f147c0 45 API calls 17155->17156 17156->17154 17160 7ff653f144c9 17157->17160 17158 7ff653f1450e 17158->17102 17159 7ff653f144e7 17162 7ff653f1ea08 46 API calls 17159->17162 17160->17158 17160->17159 17161 7ff653f147c0 45 API calls 17160->17161 17161->17159 17162->17158 17166 7ff653f14579 17163->17166 17164 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17165 7ff653f145aa 17164->17165 17165->17102 17166->17164 17166->17165 17168 7ff653f11d87 17167->17168 17169 7ff653f11db6 17168->17169 17171 7ff653f11e73 17168->17171 17173 7ff653f11df3 17169->17173 17353 7ff653f10c28 17169->17353 17172 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17171->17172 17172->17173 17173->17102 17175 7ff653f11977 17174->17175 17176 7ff653f119a6 17175->17176 17178 7ff653f11a63 17175->17178 17177 7ff653f10c28 12 API calls 17176->17177 17180 7ff653f119e3 17176->17180 17177->17180 17179 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17178->17179 17179->17180 17180->17102 17182 
7ff653f146ef 17181->17182 17184 7ff653f146f3 __crtLCMapStringW 17182->17184 17361 7ff653f14748 17182->17361 17184->17102 17186 7ff653f12197 17185->17186 17187 7ff653f121c6 17186->17187 17190 7ff653f12283 17186->17190 17188 7ff653f12203 17187->17188 17189 7ff653f10c28 12 API calls 17187->17189 17188->17102 17189->17188 17191 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17190->17191 17191->17188 17193 7ff653f147d7 17192->17193 17365 7ff653f1d9b8 17193->17365 17200 7ff653f1ea39 17198->17200 17207 7ff653f1ea47 17198->17207 17199 7ff653f1ea67 17202 7ff653f1ea78 17199->17202 17203 7ff653f1ea9f 17199->17203 17200->17199 17201 7ff653f147c0 45 API calls 17200->17201 17200->17207 17201->17199 17373 7ff653f200a0 17202->17373 17205 7ff653f1eac9 17203->17205 17206 7ff653f1eb2a 17203->17206 17203->17207 17205->17207 17376 7ff653f1f8a0 17205->17376 17208 7ff653f1f8a0 _fread_nolock MultiByteToWideChar 17206->17208 17207->17106 17208->17207 17211 7ff653f10ba6 17210->17211 17212 7ff653f10bb7 17210->17212 17218 7ff653f1e570 17211->17218 17212->17211 17240 7ff653f1d5fc 17212->17240 17215 7ff653f10bf8 17217 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17215->17217 17216 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17216->17215 17217->17211 17219 7ff653f1e58d 17218->17219 17220 7ff653f1e5c0 17218->17220 17221 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17219->17221 17220->17219 17222 7ff653f1e5f2 17220->17222 17231 7ff653f142a1 17221->17231 17227 7ff653f1e705 17222->17227 17235 7ff653f1e63a 17222->17235 17223 7ff653f1e7f7 17280 7ff653f1da5c 17223->17280 17225 7ff653f1e7bd 17273 7ff653f1ddf4 17225->17273 17227->17223 17227->17225 17228 7ff653f1e78c 17227->17228 17230 7ff653f1e74f 17227->17230 17232 7ff653f1e745 17227->17232 17266 7ff653f1e0d4 17228->17266 17256 7ff653f1e304 17230->17256 17231->17153 17231->17155 17232->17225 17234 7ff653f1e74a 17232->17234 17234->17228 17234->17230 17235->17231 17247 7ff653f1a4a4 
17235->17247 17238 7ff653f1a900 _isindst 17 API calls 17239 7ff653f1e854 17238->17239 17241 7ff653f1d647 17240->17241 17245 7ff653f1d60b _get_daylight 17240->17245 17243 7ff653f14f08 _get_daylight 11 API calls 17241->17243 17242 7ff653f1d62e HeapAlloc 17244 7ff653f10be4 17242->17244 17242->17245 17243->17244 17244->17215 17244->17216 17245->17241 17245->17242 17246 7ff653f23590 _get_daylight 2 API calls 17245->17246 17246->17245 17248 7ff653f1a4bb 17247->17248 17249 7ff653f1a4b1 17247->17249 17250 7ff653f14f08 _get_daylight 11 API calls 17248->17250 17249->17248 17251 7ff653f1a4d6 17249->17251 17255 7ff653f1a4c2 17250->17255 17253 7ff653f1a4ce 17251->17253 17254 7ff653f14f08 _get_daylight 11 API calls 17251->17254 17252 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17252->17253 17253->17231 17253->17238 17254->17255 17255->17252 17289 7ff653f240ac 17256->17289 17260 7ff653f1e3ac 17261 7ff653f1e401 17260->17261 17263 7ff653f1e3cc 17260->17263 17265 7ff653f1e3b0 17260->17265 17342 7ff653f1def0 17261->17342 17338 7ff653f1e1ac 17263->17338 17265->17231 17267 7ff653f240ac 38 API calls 17266->17267 17268 7ff653f1e11e 17267->17268 17269 7ff653f23af4 37 API calls 17268->17269 17270 7ff653f1e16e 17269->17270 17271 7ff653f1e172 17270->17271 17272 7ff653f1e1ac 45 API calls 17270->17272 17271->17231 17272->17271 17274 7ff653f240ac 38 API calls 17273->17274 17275 7ff653f1de3f 17274->17275 17276 7ff653f23af4 37 API calls 17275->17276 17278 7ff653f1de97 17276->17278 17277 7ff653f1de9b 17277->17231 17278->17277 17279 7ff653f1def0 45 API calls 17278->17279 17279->17277 17281 7ff653f1daa1 17280->17281 17282 7ff653f1dad4 17280->17282 17283 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17281->17283 17284 7ff653f1daec 17282->17284 17287 7ff653f1db6d 17282->17287 17286 7ff653f1dacd __scrt_get_show_window_mode 17283->17286 17285 7ff653f1ddf4 46 API calls 17284->17285 17285->17286 17286->17231 17287->17286 17288 7ff653f147c0 45 API calls 17287->17288 17288->17286 17290 
7ff653f240ff fegetenv 17289->17290 17291 7ff653f27e2c 37 API calls 17290->17291 17296 7ff653f24152 17291->17296 17292 7ff653f24242 17295 7ff653f27e2c 37 API calls 17292->17295 17293 7ff653f2417f 17298 7ff653f1a4a4 __std_exception_copy 37 API calls 17293->17298 17294 7ff653f2416d 17294->17292 17294->17293 17297 7ff653f2426c 17295->17297 17296->17292 17296->17294 17299 7ff653f2421c 17296->17299 17300 7ff653f27e2c 37 API calls 17297->17300 17301 7ff653f241fd 17298->17301 17302 7ff653f1a4a4 __std_exception_copy 37 API calls 17299->17302 17303 7ff653f2427d 17300->17303 17304 7ff653f25324 17301->17304 17308 7ff653f24205 17301->17308 17302->17301 17306 7ff653f28020 20 API calls 17303->17306 17305 7ff653f1a900 _isindst 17 API calls 17304->17305 17307 7ff653f25339 17305->17307 17316 7ff653f242e6 __scrt_get_show_window_mode 17306->17316 17309 7ff653f0c550 _log10_special 8 API calls 17308->17309 17310 7ff653f1e351 17309->17310 17334 7ff653f23af4 17310->17334 17311 7ff653f2468f __scrt_get_show_window_mode 17312 7ff653f249cf 17313 7ff653f23c10 37 API calls 17312->17313 17320 7ff653f250e7 17313->17320 17314 7ff653f2497b 17314->17312 17317 7ff653f2533c memcpy_s 37 API calls 17314->17317 17315 7ff653f24327 memcpy_s 17328 7ff653f24c6b memcpy_s __scrt_get_show_window_mode 17315->17328 17329 7ff653f24783 memcpy_s __scrt_get_show_window_mode 17315->17329 17316->17311 17316->17315 17318 7ff653f14f08 _get_daylight 11 API calls 17316->17318 17317->17312 17319 7ff653f24760 17318->17319 17321 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17319->17321 17323 7ff653f2533c memcpy_s 37 API calls 17320->17323 17333 7ff653f25142 17320->17333 17321->17315 17322 7ff653f252c8 17324 7ff653f27e2c 37 API calls 17322->17324 17323->17333 17324->17308 17325 7ff653f14f08 11 API calls _get_daylight 17325->17328 17326 7ff653f14f08 11 API calls _get_daylight 17326->17329 17327 7ff653f1a8e0 37 API calls _invalid_parameter_noinfo 17327->17329 17328->17312 17328->17314 17328->17325 17331 7ff653f1a8e0 37 
API calls _invalid_parameter_noinfo 17328->17331 17329->17314 17329->17326 17329->17327 17330 7ff653f23c10 37 API calls 17330->17333 17331->17328 17332 7ff653f2533c memcpy_s 37 API calls 17332->17333 17333->17322 17333->17330 17333->17332 17335 7ff653f23b13 17334->17335 17336 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17335->17336 17337 7ff653f23b3e memcpy_s 17335->17337 17336->17337 17337->17260 17339 7ff653f1e1d8 memcpy_s 17338->17339 17340 7ff653f147c0 45 API calls 17339->17340 17341 7ff653f1e292 memcpy_s __scrt_get_show_window_mode 17339->17341 17340->17341 17341->17265 17343 7ff653f1df2b 17342->17343 17347 7ff653f1df78 memcpy_s 17342->17347 17344 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17343->17344 17345 7ff653f1df57 17344->17345 17345->17265 17346 7ff653f1dfe3 17348 7ff653f1a4a4 __std_exception_copy 37 API calls 17346->17348 17347->17346 17349 7ff653f147c0 45 API calls 17347->17349 17352 7ff653f1e025 memcpy_s 17348->17352 17349->17346 17350 7ff653f1a900 _isindst 17 API calls 17351 7ff653f1e0d0 17350->17351 17352->17350 17354 7ff653f10c5f 17353->17354 17359 7ff653f10c4e 17353->17359 17355 7ff653f1d5fc _fread_nolock 12 API calls 17354->17355 17354->17359 17356 7ff653f10c90 17355->17356 17358 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17356->17358 17360 7ff653f10ca4 17356->17360 17357 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17357->17359 17358->17360 17359->17173 17360->17357 17362 7ff653f14766 17361->17362 17363 7ff653f1476e 17361->17363 17364 7ff653f147c0 45 API calls 17362->17364 17363->17184 17364->17363 17366 7ff653f147ff 17365->17366 17367 7ff653f1d9d1 17365->17367 17369 7ff653f1da24 17366->17369 17367->17366 17368 7ff653f23304 45 API calls 17367->17368 17368->17366 17370 7ff653f1da3d 17369->17370 17371 7ff653f1480f 17369->17371 17370->17371 17372 7ff653f22650 45 API calls 17370->17372 17371->17106 17372->17371 17379 7ff653f26d88 17373->17379 17378 7ff653f1f8a9 
MultiByteToWideChar 17376->17378 17382 7ff653f26dec 17379->17382 17380 7ff653f0c550 _log10_special 8 API calls 17381 7ff653f200bd 17380->17381 17381->17207 17382->17380 17384 7ff653f10ffd 17383->17384 17385 7ff653f1100f 17383->17385 17386 7ff653f14f08 _get_daylight 11 API calls 17384->17386 17388 7ff653f1101d 17385->17388 17391 7ff653f11059 17385->17391 17387 7ff653f11002 17386->17387 17389 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17387->17389 17390 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17388->17390 17395 7ff653f1100d 17389->17395 17390->17395 17392 7ff653f113d5 17391->17392 17394 7ff653f14f08 _get_daylight 11 API calls 17391->17394 17393 7ff653f14f08 _get_daylight 11 API calls 17392->17393 17392->17395 17396 7ff653f11669 17393->17396 17397 7ff653f113ca 17394->17397 17395->17070 17398 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17396->17398 17399 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17397->17399 17398->17395 17399->17392 17401 7ff653f10704 17400->17401 17428 7ff653f10464 17401->17428 17403 7ff653f1071d 17403->16724 17440 7ff653f103bc 17404->17440 17408 7ff653f0c850 17407->17408 17409 7ff653f02930 GetCurrentProcessId 17408->17409 17410 7ff653f01c80 49 API calls 17409->17410 17411 7ff653f02979 17410->17411 17454 7ff653f14984 17411->17454 17416 7ff653f01c80 49 API calls 17417 7ff653f029ff 17416->17417 17484 7ff653f02620 17417->17484 17420 7ff653f0c550 _log10_special 8 API calls 17421 7ff653f02a31 17420->17421 17421->16763 17423 7ff653f10119 17422->17423 17424 7ff653f01b89 17422->17424 17425 7ff653f14f08 _get_daylight 11 API calls 17423->17425 17424->16762 17424->16763 17426 7ff653f1011e 17425->17426 17427 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17426->17427 17427->17424 17429 7ff653f104ce 17428->17429 17430 7ff653f1048e 17428->17430 17429->17430 17432 7ff653f104da 17429->17432 17431 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17430->17431 17438 7ff653f104b5 17431->17438 17439 7ff653f1546c 
EnterCriticalSection 17432->17439 17438->17403 17441 7ff653f103e6 17440->17441 17442 7ff653f01a20 17440->17442 17441->17442 17443 7ff653f10432 17441->17443 17444 7ff653f103f5 __scrt_get_show_window_mode 17441->17444 17442->16731 17442->16732 17453 7ff653f1546c EnterCriticalSection 17443->17453 17447 7ff653f14f08 _get_daylight 11 API calls 17444->17447 17448 7ff653f1040a 17447->17448 17450 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17448->17450 17450->17442 17455 7ff653f149de 17454->17455 17456 7ff653f14a03 17455->17456 17458 7ff653f14a3f 17455->17458 17457 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17456->17457 17460 7ff653f14a2d 17457->17460 17493 7ff653f12c10 17458->17493 17462 7ff653f0c550 _log10_special 8 API calls 17460->17462 17461 7ff653f14b1c 17463 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17461->17463 17464 7ff653f029c3 17462->17464 17463->17460 17472 7ff653f15160 17464->17472 17466 7ff653f14b40 17466->17461 17468 7ff653f14b4a 17466->17468 17467 7ff653f14af1 17469 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17467->17469 17471 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17468->17471 17469->17460 17470 7ff653f14ae8 17470->17461 17470->17467 17471->17460 17473 7ff653f1b2c8 _get_daylight 11 API calls 17472->17473 17474 7ff653f15177 17473->17474 17475 7ff653f029e5 17474->17475 17476 7ff653f1eb98 _get_daylight 11 API calls 17474->17476 17479 7ff653f151b7 17474->17479 17475->17416 17477 7ff653f151ac 17476->17477 17478 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17477->17478 17478->17479 17479->17475 17631 7ff653f1ec20 17479->17631 17482 7ff653f1a900 _isindst 17 API calls 17483 7ff653f151fc 17482->17483 17485 7ff653f0262f 17484->17485 17486 7ff653f09390 2 API calls 17485->17486 17487 7ff653f02660 17486->17487 17488 7ff653f02683 MessageBoxA 17487->17488 17489 7ff653f0266f MessageBoxW 17487->17489 17490 7ff653f02690 
17488->17490 17489->17490 17491 7ff653f0c550 _log10_special 8 API calls 17490->17491 17492 7ff653f026a0 17491->17492 17492->17420 17494 7ff653f12c4e 17493->17494 17495 7ff653f12c3e 17493->17495 17496 7ff653f12c57 17494->17496 17505 7ff653f12c85 17494->17505 17497 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17495->17497 17498 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17496->17498 17499 7ff653f12c7d 17497->17499 17498->17499 17499->17461 17499->17466 17499->17467 17499->17470 17500 7ff653f147c0 45 API calls 17500->17505 17502 7ff653f12f34 17504 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17502->17504 17504->17495 17505->17495 17505->17499 17505->17500 17505->17502 17507 7ff653f135a0 17505->17507 17533 7ff653f13268 17505->17533 17563 7ff653f12af0 17505->17563 17508 7ff653f135e2 17507->17508 17509 7ff653f13655 17507->17509 17510 7ff653f135e8 17508->17510 17511 7ff653f1367f 17508->17511 17512 7ff653f1365a 17509->17512 17513 7ff653f136af 17509->17513 17520 7ff653f135ed 17510->17520 17524 7ff653f136be 17510->17524 17580 7ff653f11b50 17511->17580 17514 7ff653f1365c 17512->17514 17515 7ff653f1368f 17512->17515 17513->17511 17513->17524 17531 7ff653f13618 17513->17531 17517 7ff653f135fd 17514->17517 17523 7ff653f1366b 17514->17523 17587 7ff653f11740 17515->17587 17532 7ff653f136ed 17517->17532 17566 7ff653f13f04 17517->17566 17520->17517 17522 7ff653f13630 17520->17522 17520->17531 17522->17532 17576 7ff653f143c0 17522->17576 17523->17511 17526 7ff653f13670 17523->17526 17524->17532 17594 7ff653f11f60 17524->17594 17528 7ff653f14558 37 API calls 17526->17528 17526->17532 17527 7ff653f0c550 _log10_special 8 API calls 17529 7ff653f13983 17527->17529 17528->17531 17529->17505 17531->17532 17601 7ff653f1e858 17531->17601 17532->17527 17534 7ff653f13289 17533->17534 17535 7ff653f13273 17533->17535 17536 7ff653f132c7 17534->17536 17539 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17534->17539 17535->17536 17537 7ff653f135e2 17535->17537 17538 
7ff653f13655 17535->17538 17536->17505 17540 7ff653f135e8 17537->17540 17541 7ff653f1367f 17537->17541 17542 7ff653f1365a 17538->17542 17543 7ff653f136af 17538->17543 17539->17536 17550 7ff653f135ed 17540->17550 17552 7ff653f136be 17540->17552 17546 7ff653f11b50 38 API calls 17541->17546 17544 7ff653f1365c 17542->17544 17545 7ff653f1368f 17542->17545 17543->17541 17543->17552 17561 7ff653f13618 17543->17561 17547 7ff653f135fd 17544->17547 17554 7ff653f1366b 17544->17554 17548 7ff653f11740 38 API calls 17545->17548 17546->17561 17549 7ff653f13f04 47 API calls 17547->17549 17562 7ff653f136ed 17547->17562 17548->17561 17549->17561 17550->17547 17551 7ff653f13630 17550->17551 17550->17561 17555 7ff653f143c0 47 API calls 17551->17555 17551->17562 17553 7ff653f11f60 38 API calls 17552->17553 17552->17562 17553->17561 17554->17541 17556 7ff653f13670 17554->17556 17555->17561 17558 7ff653f14558 37 API calls 17556->17558 17556->17562 17557 7ff653f0c550 _log10_special 8 API calls 17559 7ff653f13983 17557->17559 17558->17561 17559->17505 17560 7ff653f1e858 47 API calls 17560->17561 17561->17560 17561->17562 17562->17557 17614 7ff653f10d14 17563->17614 17567 7ff653f13f26 17566->17567 17568 7ff653f10b80 12 API calls 17567->17568 17569 7ff653f13f6e 17568->17569 17570 7ff653f1e570 46 API calls 17569->17570 17571 7ff653f14041 17570->17571 17573 7ff653f14063 17571->17573 17574 7ff653f147c0 45 API calls 17571->17574 17572 7ff653f140ec 17572->17531 17573->17572 17575 7ff653f147c0 45 API calls 17573->17575 17574->17573 17575->17572 17577 7ff653f143d8 17576->17577 17579 7ff653f14440 17576->17579 17578 7ff653f1e858 47 API calls 17577->17578 17577->17579 17578->17579 17579->17531 17581 7ff653f11b83 17580->17581 17582 7ff653f11bb2 17581->17582 17584 7ff653f11c6f 17581->17584 17583 7ff653f10b80 12 API calls 17582->17583 17586 7ff653f11bef 17582->17586 17583->17586 17585 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17584->17585 17585->17586 17586->17531 17589 7ff653f11773 
17587->17589 17588 7ff653f117a2 17590 7ff653f10b80 12 API calls 17588->17590 17593 7ff653f117df 17588->17593 17589->17588 17591 7ff653f1185f 17589->17591 17590->17593 17592 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17591->17592 17592->17593 17593->17531 17595 7ff653f11f93 17594->17595 17596 7ff653f11fc2 17595->17596 17598 7ff653f1207f 17595->17598 17597 7ff653f10b80 12 API calls 17596->17597 17599 7ff653f11fff 17596->17599 17597->17599 17600 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17598->17600 17599->17531 17600->17599 17602 7ff653f1e880 17601->17602 17603 7ff653f1e8c5 17602->17603 17605 7ff653f147c0 45 API calls 17602->17605 17607 7ff653f1e885 __scrt_get_show_window_mode 17602->17607 17610 7ff653f1e8ae __scrt_get_show_window_mode 17602->17610 17603->17607 17603->17610 17611 7ff653f207e8 17603->17611 17604 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17604->17607 17605->17603 17607->17531 17610->17604 17610->17607 17613 7ff653f2080c WideCharToMultiByte 17611->17613 17615 7ff653f10d41 17614->17615 17616 7ff653f10d53 17614->17616 17617 7ff653f14f08 _get_daylight 11 API calls 17615->17617 17619 7ff653f10d60 17616->17619 17622 7ff653f10d9d 17616->17622 17618 7ff653f10d46 17617->17618 17620 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17618->17620 17621 7ff653f1a814 _invalid_parameter_noinfo 37 API calls 17619->17621 17626 7ff653f10d51 17620->17626 17621->17626 17623 7ff653f10e46 17622->17623 17624 7ff653f14f08 _get_daylight 11 API calls 17622->17624 17625 7ff653f14f08 _get_daylight 11 API calls 17623->17625 17623->17626 17627 7ff653f10e3b 17624->17627 17628 7ff653f10ef0 17625->17628 17626->17505 17629 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17627->17629 17630 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17628->17630 17629->17623 17630->17626 17635 7ff653f1ec3d 17631->17635 17632 7ff653f1ec42 17633 7ff653f151dd 17632->17633 17634 7ff653f14f08 _get_daylight 11 API calls 17632->17634 17633->17475 17633->17482 17639 
7ff653f1ec4c 17634->17639 17635->17632 17635->17633 17637 7ff653f1ec8c 17635->17637 17636 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17636->17633 17637->17633 17638 7ff653f14f08 _get_daylight 11 API calls 17637->17638 17638->17639 17639->17636 17641 7ff653f085b1 GetTokenInformation 17640->17641 17644 7ff653f08633 __std_exception_copy 17640->17644 17642 7ff653f085dd 17641->17642 17643 7ff653f085d2 GetLastError 17641->17643 17642->17644 17647 7ff653f085f9 GetTokenInformation 17642->17647 17643->17642 17643->17644 17645 7ff653f08646 CloseHandle 17644->17645 17646 7ff653f0864c 17644->17646 17645->17646 17646->16781 17647->17644 17648 7ff653f0861c 17647->17648 17648->17644 17649 7ff653f08626 ConvertSidToStringSidW 17648->17649 17649->17644 17651 7ff653f0c850 17650->17651 17652 7ff653f02b74 GetCurrentProcessId 17651->17652 17653 7ff653f026b0 48 API calls 17652->17653 17654 7ff653f02bc7 17653->17654 17655 7ff653f14bd8 48 API calls 17654->17655 17656 7ff653f02c10 MessageBoxW 17655->17656 17657 7ff653f0c550 _log10_special 8 API calls 17656->17657 17658 7ff653f02c40 17657->17658 17658->16791 17660 7ff653f025e5 17659->17660 17661 7ff653f14bd8 48 API calls 17660->17661 17662 7ff653f02604 17661->17662 17662->16807 17708 7ff653f18794 17663->17708 17667 7ff653f081dc 17666->17667 17668 7ff653f09390 2 API calls 17667->17668 17669 7ff653f081fb 17668->17669 17670 7ff653f08216 ExpandEnvironmentStringsW 17669->17670 17671 7ff653f08203 17669->17671 17672 7ff653f0823c __std_exception_copy 17670->17672 17673 7ff653f02810 49 API calls 17671->17673 17674 7ff653f08240 17672->17674 17675 7ff653f08253 17672->17675 17697 7ff653f0820f __std_exception_copy 17673->17697 17676 7ff653f02810 49 API calls 17674->17676 17679 7ff653f082bf 17675->17679 17680 7ff653f08261 GetDriveTypeW 17675->17680 17676->17697 17677 7ff653f0c550 _log10_special 8 API calls 17678 7ff653f083af 17677->17678 17678->16805 17698 7ff653f18238 17678->17698 17681 7ff653f17e08 45 API calls 17679->17681 17684 7ff653f082b0 
17680->17684 17685 7ff653f08295 17680->17685 17683 7ff653f082d1 17681->17683 17687 7ff653f082d9 17683->17687 17691 7ff653f082ec 17683->17691 17831 7ff653f1796c 17684->17831 17688 7ff653f02810 49 API calls 17685->17688 17689 7ff653f02810 49 API calls 17687->17689 17688->17697 17689->17697 17690 7ff653f0834e CreateDirectoryW 17692 7ff653f0835d GetLastError 17690->17692 17690->17697 17691->17690 17693 7ff653f026b0 48 API calls 17691->17693 17694 7ff653f0836a GetLastError 17692->17694 17692->17697 17695 7ff653f08328 CreateDirectoryW 17693->17695 17696 7ff653f02c50 51 API calls 17694->17696 17695->17691 17696->17697 17697->17677 17699 7ff653f18258 17698->17699 17700 7ff653f18245 17698->17700 17847 7ff653f17ebc 17699->17847 17702 7ff653f14f08 _get_daylight 11 API calls 17700->17702 17704 7ff653f1824a 17702->17704 17705 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17704->17705 17707 7ff653f18256 17705->17707 17707->16809 17749 7ff653f21558 17708->17749 17808 7ff653f212d0 17749->17808 17829 7ff653f202d8 EnterCriticalSection 17808->17829 17832 7ff653f179bd 17831->17832 17833 7ff653f1798a 17831->17833 17832->17697 17833->17832 17838 7ff653f20474 17833->17838 17836 7ff653f1a900 _isindst 17 API calls 17837 7ff653f179ed 17836->17837 17839 7ff653f20481 17838->17839 17841 7ff653f2048b 17838->17841 17839->17841 17845 7ff653f204a7 17839->17845 17840 7ff653f14f08 _get_daylight 11 API calls 17842 7ff653f20493 17840->17842 17841->17840 17843 7ff653f1a8e0 _invalid_parameter_noinfo 37 API calls 17842->17843 17844 7ff653f179b9 17843->17844 17844->17832 17844->17836 17845->17844 17846 7ff653f14f08 _get_daylight 11 API calls 17845->17846 17846->17842 17854 7ff653f202d8 EnterCriticalSection 17847->17854 17856 7ff653f0456a 17855->17856 17857 7ff653f09390 2 API calls 17856->17857 17858 7ff653f0458f 17857->17858 17859 7ff653f0c550 _log10_special 8 API calls 17858->17859 17860 7ff653f045b7 17859->17860 17860->16833 17862 7ff653f07e2e 17861->17862 17863 7ff653f07f52 17862->17863 17864 
16390->16392 16391 7ff653f1b1fd SetLastError 16393 7ff653f14f8b 16391->16393 16394 7ff653f1b21d 16391->16394 16395 7ff653f1b1b2 16392->16395 16408 7ff653f1d984 16393->16408 16416 7ff653f1a504 16394->16416 16397 7ff653f1b1d0 FlsSetValue 16395->16397 16398 7ff653f1b1c0 FlsSetValue 16395->16398 16401 7ff653f1b1dc FlsSetValue 16397->16401 16402 7ff653f1b1ee 16397->16402 16400 7ff653f1b1c9 16398->16400 16404 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16400->16404 16401->16400 16403 7ff653f1aef4 _get_daylight 11 API calls 16402->16403 16405 7ff653f1b1f6 16403->16405 16404->16406 16407 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16405->16407 16406->16391 16407->16391 16409 7ff653f1d999 16408->16409 16410 7ff653f14fae 16408->16410 16409->16410 16460 7ff653f23304 16409->16460 16412 7ff653f1d9f0 16410->16412 16413 7ff653f1da18 16412->16413 16414 7ff653f1da05 16412->16414 16413->16385 16414->16413 16473 7ff653f22650 16414->16473 16425 7ff653f23650 16416->16425 16451 7ff653f23608 16425->16451 16456 7ff653f202d8 EnterCriticalSection 16451->16456 16461 7ff653f1b150 _CallSETranslator 45 API calls 16460->16461 16462 7ff653f23313 16461->16462 16463 7ff653f2335e 16462->16463 16472 7ff653f202d8 EnterCriticalSection 16462->16472 16463->16410 16474 7ff653f1b150 _CallSETranslator 45 API calls 16473->16474 16475 7ff653f22659 16474->16475 20181 7ff653f216b0 20192 7ff653f273e4 20181->20192 20193 7ff653f273f1 20192->20193 20194 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20193->20194 20195 7ff653f2740d 20193->20195 20194->20193 20196 7ff653f1a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20195->20196 20197 7ff653f216b9 20195->20197 20196->20195 20198 7ff653f202d8 EnterCriticalSection 20197->20198

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: e0df15e2182edd67daaad9127b5eaf3b087da786bd6eef1743b974300e1895fb
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 2DD16232A18A82C6EB108F78EC566A93762FF44F58F484235EE5EB36A5DF3CD5458700

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
• Instruction ID: 6f1148d2599242c5b2dfd5bd3867833bb3dda389e09b1707573d3dbd7b3c30f2
• Opcode Fuzzy Hash: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
• Instruction Fuzzy Hash: 59327121A2C68291FB15DB69D9573B966A3AF44F44F8C4032DA5EF32D6EF2CE558C300

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25C45
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F255AC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A95E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: GetLastError.KERNEL32(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A968
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF653F1A8DF,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1A909
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF653F1A8DF,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1A92E
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25C34
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F2560C
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25EAA
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25EBB
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25ECC
                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF653F2610C), ref: 00007FF653F25EF3
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                        • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                        • Instruction ID: b8c3a5181aa7a1fc45ef6f25496bc13374628244f10c2d7fd819711766e18795
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78D1C322A2868286EB20DF21DE431B9A353EF84F94F488136FA4DF7695DF3CE4418740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                        • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                        • Instruction ID: c0df3d7ab4698e2bc700680b1ac1df8c4526abcf32db50eed6dd3cc41c0dc4ea
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EC1A036B28A86C5EB10CFA5D9926AC3762F749F98B094235EE1EB7794CF38D451C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25EAA
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F255F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F2560C
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25EBB
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F25598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F255AC
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF653F25ECC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F255C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F255DC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A95E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: GetLastError.KERNEL32(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A968
                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF653F2610C), ref: 00007FF653F25EF3
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                        • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                        • Instruction ID: 032884434e37cbf4095f153d11afda82c2c05f28516cdcb95b20ec81aa652d17
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40516032A2868286E710DF61EE835B9A763BB48F84F484136EA4DF7695DF3CE4518740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                        • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                        • Instruction ID: 25c36eecb776269812dfb5f67d1a7147d46a34bf3760cb8077b9a7a8e6296dde
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63F0CD22A2C74187F7A08B54B8967667351AB44B24F080335D96E736D4DF3CD058CA00

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F07F90: _fread_nolock.LIBCMT ref: 00007FF653F0803A
                                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF653F01A1B
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF653F01B6A), ref: 00007FF653F0295E
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                        • Opcode ID: e060d84aa5bf36d8a380aea433863807716a2bfcfbbc2a242715e1548c9dcf31
                                                                                                                                                                                                                                        • Instruction ID: 029d99e68dd487bbcfacb5923a1cb7f62739487c84acfd97c446f2610257d53b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e060d84aa5bf36d8a380aea433863807716a2bfcfbbc2a242715e1548c9dcf31
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A819475A2868686EB20DB18E5436F933A2EF84F44F488435ED8EF7785DE3CE5458740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                        • Opcode ID: cb3c2a77d8d213a9a8c367c96bf5f808a4f883a2ce5e30ac5d600dd79daf51e0
                                                                                                                                                                                                                                        • Instruction ID: 54686896bca15203c323a29cbf6e130f4815362373c58e9174ca6b5e392f0c2e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb3c2a77d8d213a9a8c367c96bf5f808a4f883a2ce5e30ac5d600dd79daf51e0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D251DF65B2864792EA109B19E9421B923A2BF80F94F8C4531EE4EF77D2DE3CF955C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,00000000,00007FF653F03CBB), ref: 00007FF653F08704
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00007FF653F03CBB), ref: 00007FF653F0870A
                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00007FF653F03CBB), ref: 00007FF653F0874C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08830: GetEnvironmentVariableW.KERNEL32(00007FF653F0388E), ref: 00007FF653F08867
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF653F08889
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F18238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F18251
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02810: MessageBoxW.USER32 ref: 00007FF653F028EA
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                        • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                        • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                        • Instruction ID: 3bb40402b9a6cf051be10737ba0a3b9f5044b09df7a104b7d13abaeff9da0c1e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71417161A3968284EA15A769FA572B91293AF84FC0F4C4131ED0EF77DADE3CE505C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                        • Opcode ID: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
                                                                                                                                                                                                                                        • Instruction ID: 101883517acd0e3675cfaf44fbdc243f9aff0ce228241cdac421b969071278d0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2512866A2868281EA209B19E8423BA6293FF85F94F4C4131ED4EF77D5EF3CE445C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF653F03804), ref: 00007FF653F036E1
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF653F03804), ref: 00007FF653F036EB
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02C9E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02D63
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: MessageBoxW.USER32 ref: 00007FF653F02D99
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                        • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                        • Instruction ID: 7c9025d879be53a4a17c58ea6e91d9bad98bb5d8c12ec42be0f2074c83987bdc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A218361B3C68291FA20D728ED523BA6292BF88B54F484132E65FF75E5EE2CE504C740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                        • Instruction ID: 8d8e2ca3f0ded474f2a51296c36356b5f9816522e6992a25c36b39252dae521c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4C1DFB2A2C686D1E6648B15E4422BE3B62FBC1F90F5D4131EA4EB3791CF7DE8558700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                                        • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                        • Instruction ID: 342020a6bae985eb40ed4f7f70bbbdf93a058ad1664e8a1e7a217e83e2cdf19f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0217931A1C64681EB118B59F94563EA3A2FF85BA0F580235EA6EB37E4DF7CD8458700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: GetCurrentProcess.KERNEL32 ref: 00007FF653F08590
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: OpenProcessToken.ADVAPI32 ref: 00007FF653F085A3
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: GetTokenInformation.KERNELBASE ref: 00007FF653F085C8
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: GetLastError.KERNEL32 ref: 00007FF653F085D2
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: GetTokenInformation.KERNELBASE ref: 00007FF653F08612
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF653F0862E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F08570: CloseHandle.KERNEL32 ref: 00007FF653F08646
                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF653F03C55), ref: 00007FF653F0916C
                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF653F03C55), ref: 00007FF653F09175
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                        • API String ID: 6828938-1529539262

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,?,00007FF653F0352C,?,00000000,00007FF653F03F23), ref: 00007FF653F07F32
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF653F1CF4B), ref: 00007FF653F1D07C
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF653F1CF4B), ref: 00007FF653F1D107
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF653F15839), ref: 00007FF653F15957
                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF653F15839), ref: 00007FF653F1596D
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A95E
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A968
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF653F1A9D5,?,?,00000000,00007FF653F1AA8A), ref: 00007FF653F1ABC6
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF653F1A9D5,?,?,00000000,00007FF653F1AA8A), ref: 00007FF653F1ABD0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                        • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                        • Instruction ID: 94550033bc6b0540cfba2566c8ce62b84250361bb12b75558da3388e6ead4e20
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E216FB1B3878241EEA597A5F59227A16939F84FA4F0C4239EA2EF77D1CE6CE4414310
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                        • Instruction ID: d150eacb5ea3484084e236b680b552bf3ce24a9003247ae6d8707ca38795b510
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3041D672928245C7EA349B99F54227973A2EB95F91F180131D68EF36D1CF2CE802DB51
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                        • Opcode ID: 92d29e443cb0c06cef3e21f718b83060998d20949f4fd0e1cf3ffbb0f0d41c49
                                                                                                                                                                                                                                        • Instruction ID: 4e28151d87e3ad88121e8f35d686c8ca4d698455f3a1798c91082761c69b3219
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92d29e443cb0c06cef3e21f718b83060998d20949f4fd0e1cf3ffbb0f0d41c49
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE21D621B2879246FA119A26BA063FA9652BF45FD4F8C4430EE4EB7786CE7DE041C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                                                                        • Instruction ID: 592ac17fe1b118f7583fd9ae5d37af1e7b7b359723c94ae59786525fd8c1c559
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 193150B2A3861285E6115B55E44237C2AA2AFC0FA4F890135E95DB73D2CF7CE8528711
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                        • Instruction ID: d1fcebdb9db8a72b157d3af17a6c033c196c74a93570645305f170760865c1a6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F1163B1A3C64181EA609F11F40217DA266BF85F84F4C4431EA4CF7B96CF7DD4109710
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                        • Instruction ID: 8febc2df9162f2e693ba1f5cad775494dad32bba61baa145e95e42b7a7656f67
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F421D772628A81C6EB618F18E94177976A2FB84F54F184234FA9DE77D9DF7CD8018B00
APIs
Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF653F1B32A,?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A), ref: 00007FF653F1EBED
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF653F10C90,?,?,?,00007FF653F122FA,?,?,?,?,?,00007FF653F13AE9), ref: 00007FF653F1D63A
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F05840
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F05852
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F05889
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0589B
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F058B4
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F058C6
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F058DF
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F058F1
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0590D
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0591F
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0593B
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0594D
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F05969
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F0597B
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F05997
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F059A9
• GetProcAddress.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F059C5
• GetLastError.KERNEL32(?,00007FF653F064CF,?,00007FF653F0336E), ref: 00007FF653F059D7
Strings
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
• API String ID: 199729137-653951865
APIs
Strings
Similarity
• API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 808467561-2761157908
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F0842B
                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F084AE
                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F084CD
                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F084DB
                                                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F084EC
                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF653F08919,00007FF653F03FA5), ref: 00007FF653F084F5
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                                                        • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                        • API String ID: 0-2665694366
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                        • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                        • Instruction ID: 8e3c87826af56130569a2544d33f5d6a7e23b41f78a235c11b35a29ae411607e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7111C26B24B05CAEB008B60ED552B933A4FB59B58F480E31EE6DA77A4DF78D5588340
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                        • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                        • Instruction ID: 1b989efb3e173a9437a9a46814813bb5d28673a9f5f2310572cf6c9881205e7d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94C112B2B286C6C7D724CF55A94466AB792F784F84F488135EB4AA3744CE3DE845CB40
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                        • API String ID: 0-1127688429
                                                                                                                                                                                                                                        • Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                        • Instruction ID: fd7362db726925936a4bf36b2fd620aea3c0e5467a96bffa1edfc1528bc338e3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64F18572A253D58BEBA58B18C489B3E3AEAFF44B44F094538DA4AB7390DF38D541C750
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                        • Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                                                        • Instruction ID: 5551de9c5990dbf58db43e28003c30f7aae659221bf49eff20c0fe7a3e9ab793
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20B13673A10B89CBEB19CF29C9463693BA1F744F48F598921EA5D937A4CF39D461C700
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                                        • Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                                                                        • Instruction ID: 0893ca6aee5ba75466059ef311b8ba518b1eb0f46f43c9ccd62b3dafdcbd557b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AE1B2B6E2864685EB68CE69E15213D33A2FF45F48F1C4236DA0EB7794DF29E851C700
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                                                        • Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
                                                                                                                                                                                                                                        • Instruction ID: ac8ea8f6e8b6ef8c60546e63d7512b7c05e754a3e38154d11e4b5ff6fccd97ec
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09919872A282C587EBA48A18C449B3E3A9AFF44B50F154139DA4BB77D0DF38E940CB40
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                                        • Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                                                                        • Instruction ID: 12c9029be2dff6d894bc16598a03bcfd2e7af6e350b6ab9678bafee3c282187f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 655188B2B286C186E7258E35E8127797B92E754F94F4C8231DB9CA7AD5CE3DD040C700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                                        • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                        • Instruction ID: 5f7291017a471954a026f3526582d61ff05600405d496922215cdb36456bfd6a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8027D62A3E68781FA659B11AE1227D2692AF41FA0F8D4634FD5EF73D1DE3CE4418310
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                        • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                        • Instruction ID: c4fc58e9d9d387c86a8f5d9ee58202fdf52082119e8f204441c7c6bacd72b4d3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AA147B2B18BC986EB21CF25F4417BA77A2AB51B84F088131EE4DA7785DE3DE401C700
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                        • Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                                                        • Instruction ID: 45650004c9792319094f4413897d7a045ada2a0867bea51da6058a43f4a971df
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1251A4A1F2864241FA66AA27FB1317A52926F44FE4F5C4035DD0EF77D6EE7CE4418204
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                        • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                                                        • Instruction ID: 24265972913b9576a3fd7887f94769230712f45d57f75bcf90ef5e9403a464c7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CB09220E27B42C2EA092B616D8321822A67F58B00F9C0139C44CB2330DE2C75F55700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                        • Instruction ID: 45d3884d4428fc2265931508d9df19c27f7f295dc1135700861e4641dd8faca8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB61FA72E282D2C6F7648A689D5363D6683AF40F64F1C0239F65DF76D5DEADE8408B00
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                        • Instruction ID: 3dd43d2e51ccbf3a79e061a0bf75646ee0dbddc161e0e074f8acfc69c82910fd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 925193B6A2865682E7348B29E04133833A2EB55F68F284131CE4DB77D5CF3AE853C740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                        • Instruction ID: 273c253b475fb3351f361beb05cef49f29c255060a727f04dd7fffc4b174dcc0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B5185B6A3865186E7248B29E04133937A2EB44F68F2C4131CE9DB7794DF3AE853C740
Memory Dump Source
• Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                        • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                        • Instruction ID: 78819cddb03ac6b3ccdc36f4981357dab9c583a99773befe4f82fd58c051b6a8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A341F5B3724A5582EF04CF6AEA156A96392BB48FD0B4D9032EE0DF7B64DE3CC4418740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                        • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF653F045F4,00000000,00007FF653F01985), ref: 00007FF653F093C9
                                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF653F086B7,?,?,00000000,00007FF653F03CBB), ref: 00007FF653F0822C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02810: MessageBoxW.USER32 ref: 00007FF653F028EA
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF653F1F0AA,?,?,0000027A3E316BD8,00007FF653F1AD53,?,?,?,00007FF653F1AC4A,?,?,?,00007FF653F15F3E), ref: 00007FF653F1EE8C
                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF653F1F0AA,?,?,0000027A3E316BD8,00007FF653F1AD53,?,?,?,00007FF653F1AC4A,?,?,?,00007FF653F15F3E), ref: 00007FF653F1EE98
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02C9E
                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02D63
                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF653F02D99
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                        • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF653F0DF7A,?,?,?,00007FF653F0DC6C,?,?,?,00007FF653F0D869), ref: 00007FF653F0DD4D
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF653F0DF7A,?,?,?,00007FF653F0DC6C,?,?,?,00007FF653F0D869), ref: 00007FF653F0DD5B
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF653F0DF7A,?,?,?,00007FF653F0DC6C,?,?,?,00007FF653F0D869), ref: 00007FF653F0DD85
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF653F0DF7A,?,?,?,00007FF653F0DC6C,?,?,?,00007FF653F0D869), ref: 00007FF653F0DDF3
                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF653F0DF7A,?,?,?,00007FF653F0DC6C,?,?,?,00007FF653F0D869), ref: 00007FF653F0DDFF
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF653F0351A,?,00000000,00007FF653F03F23), ref: 00007FF653F02AA0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                        • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F08EFD
                                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F08F5A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF653F045F4,00000000,00007FF653F01985), ref: 00007FF653F093C9
                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F08FE5
                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F09044
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F09055
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF653F03FB1), ref: 00007FF653F0906A
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B2D7
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B30D
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B33A
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B34B
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B35C
                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF653F14F11,?,?,?,?,00007FF653F1A48A,?,?,?,?,00007FF653F1718F), ref: 00007FF653F1B377
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF653F01B6A), ref: 00007FF653F0295E
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                        • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF653F0918F,?,00007FF653F03C55), ref: 00007FF653F02BA0
                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF653F02C2A
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                        • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                        • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF653F01B99), ref: 00007FF653F02760
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                        • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF653F1A5A3,?,?,00000000,00007FF653F1A83E,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1B3AF
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F1A5A3,?,?,00000000,00007FF653F1A83E,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1B3CE
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F1A5A3,?,?,00000000,00007FF653F1A83E,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1B3F6
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F1A5A3,?,?,00000000,00007FF653F1A83E,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1B407
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF653F1A5A3,?,?,00000000,00007FF653F1A83E,?,?,?,?,?,00007FF653F1A7CA), ref: 00007FF653F1B418
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                        • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                        • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF653F19046
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: RtlFreeHeap.NTDLL(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A95E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F1A948: GetLastError.KERNEL32(?,?,?,00007FF653F22D22,?,?,?,00007FF653F22D5F,?,?,00000000,00007FF653F23225,?,?,?,00007FF653F23157), ref: 00007FF653F1A968
                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF653F0CBA5), ref: 00007FF653F19064
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                        • API String ID: 3580290477-2783562030
                                                                                                                                                                                                                                        • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                        • Instruction ID: f060f8f6f9d511c98753922b0b6eccdbb564bec609832f65209ed6292a8a6819
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA419072A28B0286EB55DF21EA420BD67A6EF44FD0B5D4035E94DB7B95DE3CE481C380
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                        • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                        • Instruction ID: e1772d5cc9e71db938bfdf782911552b901ea8390ff76fd54e6dcdd3ad0a1034
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7041A472B28A8185DB608F65F8453A977A2FB98B88F484135EE4DE7794EF3CD401CB40
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                        • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                        • Instruction ID: ab398b7eae0cce1dd1b79873fdf5dbfbbc2da842efd0c57d20564e5623f47fad
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE21F5B2A3878181EB208B11E45627D73A3FB84F44F494235DA4DB3294CF7CE9458B51
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                        • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                        • Instruction ID: 9eb52d44a8c394d540a7638ef73df33512a39ec4ca0def7851f15f1a344b6103
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE112E32629B8182EB618F15E940259B7E5FB88F84F5C4230EF9D67754DF3CD5518740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2619950203.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2619853775.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620096190.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620201221.00007FF653F42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2620437999.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                        • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                        • Instruction ID: e3683457a8b4c84916b4f25a4f7229632d21c6e6b26f0dd13b2b4470ffdd22f5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4018462928643C6F7209F60AD6327E23A1EF84B44F880035E94EF7695DE3CD5048B15

                                                                                                                                                                                                                                        Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
Similarity
• API ID: Dict_String$Item$ReadyType_$AddressProc$DeallocFrom$D@@@Err_Object_ReferenceU_object@@$HandleModuleModule_$Create2LongLong_$ClearDictEnsure@@ExceptionGlobals_LibraryLoadMaskObjectOccurredSys_Unsigned
• API String ID: 1000972437-3953899047
• Opcode ID: 50b178b6dc7987ebe6360e7943940d86408c5d0eb80b93197e5c57d2a6e1887f
• Instruction ID: d35c292896db314b6dfa86b9770e9931c92ed6fd4959ec357605868fe7860e85
• Opcode Fuzzy Hash: 50b178b6dc7987ebe6360e7943940d86408c5d0eb80b93197e5c57d2a6e1887f
• Instruction Fuzzy Hash: F7D21764F7C61340FA14AB96E6973BC1322AF46BE0F815435DC4D0BBA69F6EE2058743

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2625919470.00007FF8E69F1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FF8E69F0000, based on PE: true
• Associated: 00000002.00000002.2625872770.00007FF8E69F0000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2625975165.00007FF8E6A03000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2626024195.00007FF8E6A0E000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.2626091431.00007FF8E6A11000.00000002.00000001.01000000.0000001B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e69f0000_user.jbxd
Similarity
• API ID: Module_$Constant$AddressProc$Dict_ItemString$HandleLibraryLoadModule$FromLongLong_$CallerCreate2DictEnsure@@Globals_ReadyType_
• String ID: Advapi32.dll$ChangeDisplaySettingsExW$EnumDisplayDevicesW$EnumDisplayMonitors$EnumDisplaySettingsExW$GetComputerNameExW$GetComputerObjectNameW$GetDllDirectoryW$GetHandleInformation$GetLastInputInfo$GetLongPathNameA$GetLongPathNameW$GetMonitorInfoW$GetNativeSystemInfo$GetSystemFileCacheSize$GetUserNameExW$GlobalMemoryStatusEx$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$NameCanonical$NameCanonicalEx$NameDisplay$NameFullyQualifiedDN$NameSamCompatible$NameServicePrincipal$NameUniqueId$NameUnknown$NameUserPrincipal$PyDISPLAY_DEVICEType$REG_NOTIFY_CHANGE_ATTRIBUTES$REG_NOTIFY_CHANGE_LAST_SET$REG_NOTIFY_CHANGE_NAME$REG_NOTIFY_CHANGE_SECURITY$RegCopyTreeW$RegCreateKeyTransactedW$RegDeleteKeyExW$RegDeleteKeyTransactedW$RegDeleteTreeW$RegOpenCurrentUser$RegOpenKeyTransactedW$RegOverridePredefKey$RegRestoreKeyW$RegSaveKeyExW$STD_ERROR_HANDLE$STD_INPUT_HANDLE$STD_OUTPUT_HANDLE$SetDllDirectoryW$SetHandleInformation$SetSystemFileCacheSize$SetSystemPowerState$VFT_APP$VFT_DLL$VFT_DRV$VFT_FONT$VFT_STATIC_LIB$VFT_UNKNOWN$VFT_VXD$VOS_DOS$VOS_DOS_WINDOWS16$VOS_DOS_WINDOWS32$VOS_NT$VOS_NT_WINDOWS32$VOS_OS216$VOS_OS216_PM16$VOS_OS232$VOS_OS232_PM32$VOS_UNKNOWN$VOS__PM16$VOS__PM32$VOS__WINDOWS16$VOS__WINDOWS32$VS_FF_DEBUG$VS_FF_INFOINFERRED$VS_FF_PATCHED$VS_FF_PRERELEASE$VS_FF_PRIVATEBUILD$VS_FF_SPECIALBUILD$error$kernel32.dll$secur32.dll$user32.dll
• API String ID: 1655756704-685172649
• Opcode ID: a7487b2dee23a116e8347555e7407e29fd53b6a731b5dd2c7359c43d764bff69
• Instruction ID: 7856379488970614fe69515d86eb39ebdab581d62b2b2d19482d7ac509bc6842
• Opcode Fuzzy Hash: a7487b2dee23a116e8347555e7407e29fd53b6a731b5dd2c7359c43d764bff69
• Instruction Fuzzy Hash: 4422F464F29B0391EA849B95E99A3743BA1FF5ABD0F845035C80E47760AF7DE189C343

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
Similarity
• API ID: Err_Eval_Object_Thread$D@@@InstanceRestoreSaveStringU_object@@$Dealloc$Arg_ClearCreateDict_FormatFromItemOccurredParseSubclassTuple
• String ID: OOiO:CoCreateInstance$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
• API String ID: 490376945-835438780
• Opcode ID: e0db31c0a3172582a73f09f7ddf91617fb67f09ea01f749cd19af58f17944bb1
• Instruction ID: 1198dfe1b54649b5c17e2586614596680139e234056b2402a3863f1369ee6e7d
• Opcode Fuzzy Hash: e0db31c0a3172582a73f09f7ddf91617fb67f09ea01f749cd19af58f17944bb1
• Instruction Fuzzy Hash: FCC11865F68A43C2EA109BA5E85A37973A1FF88BD5F484436CE5E47664DF3CF8048702

Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                        • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                        • Opcode ID: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
                                                                                                                                                                                                                                        • Instruction ID: 6f1148d2599242c5b2dfd5bd3867833bb3dda389e09b1707573d3dbd7b3c30f2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59327121A2C68291FB15DB69D9573B966A3AF44F44F8C4032DA5EF32D6EF2CE558C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                        • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                        • Instruction ID: c0df3d7ab4698e2bc700680b1ac1df8c4526abcf32db50eed6dd3cc41c0dc4ea
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EC1A036B28A86C5EB10CFA5D9926AC3762F749F98B094235EE1EB7794CF38D451C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                        • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                        • Instruction ID: 25c36eecb776269812dfb5f67d1a7147d46a34bf3760cb8077b9a7a8e6296dde
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63F0CD22A2C74187F7A08B54B8967667351AB44B24F080335D96E736D4DF3CD058CA00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$LongLong_$Object_Size$ClearDeallocFormatOccurredString
                                                                                                                                                                                                                                        • String ID: Allocating ArgHelpers array$The Python object is invalid$The array of argument types must be a tuple whose size is <= to the number of arguments.$The return type information could not be parsed$not enough arguments (at least 5 needed)$value
                                                                                                                                                                                                                                        • API String ID: 2033694642-4244552354
                                                                                                                                                                                                                                        • Opcode ID: eec55bf21228184a5226df997738aaa74b7416cdae626d13d11f0294432222ce
                                                                                                                                                                                                                                        • Instruction ID: 84d999f1ca7668f69a8e91cd33fd96b5c44b6c1f41129ca58b91bf598404efc5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eec55bf21228184a5226df997738aaa74b7416cdae626d13d11f0294432222ce
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82627932F28A428AEB148FA5D8467B867A4FB45BD8F544236DE1E63B94DF3CE444C701

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Object_RestoreSave$D@@@Err_U_object@@$ActiveArg_ClearDeallocDict_FromItemObjectParseStringSubclassTuple
                                                                                                                                                                                                                                        • String ID: O:Connect$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 3189202653-685158464
                                                                                                                                                                                                                                        • Opcode ID: fb32afdec469271614cca1a4a8ef09c28be4a29631b2a3156b5743866c1a9132
                                                                                                                                                                                                                                        • Instruction ID: a061e5e3ce141effc02278a9d7770818addb18fe51b027dcf62f67b09d729834
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb32afdec469271614cca1a4a8ef09c28be4a29631b2a3156b5743866c1a9132
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2511721F28B4382EA249FA6E85627963A1FF88BD4F484036DE5E47765DF3CE5058702

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626564641.00007FF8E6AE1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8E6AE0000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626533701.00007FF8E6AE0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626615099.00007FF8E6AF1000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626664675.00007FF8E6AFF000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626712654.00007FF8E6B02000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6ae0000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                        • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
                                                                                                                                                                                                                                        • API String ID: 443722841-2914159855
                                                                                                                                                                                                                                        • Opcode ID: 37b0708b124ef805f6eafb4413cb45e7aa50632965b2a1696fc48efc4bb87208
                                                                                                                                                                                                                                        • Instruction ID: cfac28127ec5740e2e583132123146bb708bdaa20267a05c4eea158d9737c7eb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37b0708b124ef805f6eafb4413cb45e7aa50632965b2a1696fc48efc4bb87208
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33415D71F2CA4282EE508B96F45A37963A0FF88BD4F489135D90E47765DF6DE8898303

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8E6A70F55), ref: 00007FF8E6A71026
                                                                                                                                                                                                                                        • LHashValOfNameSys.OLEAUT32 ref: 00007FF8E6A7103C
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8E6A70F55), ref: 00007FF8E6A7107C
                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8E6A70F55), ref: 00007FF8E6A710E4
                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8E6A70F55), ref: 00007FF8E6A71282
                                                                                                                                                                                                                                        • PyLong_FromLong.PYTHON313(?,?,?,?,?,?,?,?,?,00007FF8E6A70F55), ref: 00007FF8E6A71294
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • The type does not declare a PyCom constructor, xrefs: 00007FF8E6A711E4
                                                                                                                                                                                                                                        • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FF8E6A711CF
                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FF8E6A711A2
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocFromTuple_$BuildErr_ErrorHashInfoLongLong_NameObjectObject_U_object@@Value
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 3698739723-49823770
                                                                                                                                                                                                                                        • Opcode ID: 5804f62f2bd91cdc706f36869b61dbd82ed5bf92c8980cc4d7a103c0c7ca2645
                                                                                                                                                                                                                                        • Instruction ID: adf38ebdd699dc96feb142c5b2a32dc9edd32b11238aebd12ac05c74acaea6ab
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5804f62f2bd91cdc706f36869b61dbd82ed5bf92c8980cc4d7a103c0c7ca2645
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A714F22F19A4282EA549BA5E85A37963E0FF99FE4F484035CE5D47B94DF3CF8448702

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemObject_ParseTupleU_object@@
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|ii:GetTypeInfo
                                                                                                                                                                                                                                        • API String ID: 2945167311-1333789200
                                                                                                                                                                                                                                        • Opcode ID: c12a8f3d87f37f9b06d4fb00c08d740b5285eb880e27b4f63054bd0b6c6bdd9d
                                                                                                                                                                                                                                        • Instruction ID: 09368ef91ecc2858e63ccdbcc35d533636437bcdcd548d0612185e17c9d45af9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c12a8f3d87f37f9b06d4fb00c08d740b5285eb880e27b4f63054bd0b6c6bdd9d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90517B76F68B4282EA509F96F8026A963A4FF88BE4F484035DE5E07754DF3CE445C702

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2627236177.00007FF8E6BC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FF8E6BC0000, based on PE: true
• Associated: 00000002.00000002.2627204687.00007FF8E6BC0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627311785.00007FF8E6BD5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627361439.00007FF8E6BDB000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627390508.00007FF8E6BDF000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6bc0000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                                                        • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                                                        • API String ID: 3630264407-438398067
                                                                                                                                                                                                                                        • Opcode ID: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
                                                                                                                                                                                                                                        • Instruction ID: 4c4d5f41ef8108bff92cdc12481fb4b69303c2c3ddd592ce7996c068abaf0b25
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09518032A28A9295EB148FA2A94477A77A0BB89FD5F444430CE4D4BB55DF3CE245C342

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F07F90: _fread_nolock.LIBCMT ref: 00007FF653F0803A
                                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF653F01A1B
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF653F01B6A), ref: 00007FF653F0295E
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
• Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                        • Opcode ID: ee3080450604db9b79bcaf6ea9780d01564dfb64de786eed8711188a6f6cabc7
                                                                                                                                                                                                                                        • Instruction ID: 029d99e68dd487bbcfacb5923a1cb7f62739487c84acfd97c446f2610257d53b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee3080450604db9b79bcaf6ea9780d01564dfb64de786eed8711188a6f6cabc7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A819475A2868686EB20DB18E5436F933A2EF84F44F488435ED8EF7785DE3CE5458740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2627236177.00007FF8E6BC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FF8E6BC0000, based on PE: true
• Associated: 00000002.00000002.2627204687.00007FF8E6BC0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627311785.00007FF8E6BD5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627361439.00007FF8E6BDB000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2627390508.00007FF8E6BDF000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6bc0000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2745024575-0
                                                                                                                                                                                                                                        • Opcode ID: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
                                                                                                                                                                                                                                        • Instruction ID: dfc2bc85a9be817f67ff99946cb1d05ea028ae7a8a62cc1d304f1fbaa43d7be2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B710736D6AA0395FA65AFE4AD4433533A4BFC0BD5F144930C52D8A6A1DF3EA242C313

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: GlobalLock@@Win_$AcquireAddressCurrentHandleModuleProcReleaseThread
                                                                                                                                                                                                                                        • String ID: CoInitializeEx$CoInitializeEx failed (0x%08lx)$ole32.dll
                                                                                                                                                                                                                                        • API String ID: 2699693448-4213856137
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF653F03804), ref: 00007FF653F036E1
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF653F03804), ref: 00007FF653F036EB
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02C9E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF653F03706,?,00007FF653F03804), ref: 00007FF653F02D63
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F02C50: MessageBoxW.USER32 ref: 00007FF653F02D99
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bstr@@Object_$Arg_Err_FreeParseStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O|i:Bind$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3061223275-2584696442
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2627236177.00007FF8E6BC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FF8E6BC0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6bc0000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc
                                                                                                                                                                                                                                        • String ID: <module>
                                                                                                                                                                                                                                        • API String ID: 3617616757-217463007
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                        • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                        • Instruction ID: 823fe7ce4ec10ae09a58a95c9b71f79767512926ac736367d5f1e1dcc399faec
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 341104B2A28A8181DA608B25F8110696362AB41FF4F580331EEBDB77E9CE7CD4108700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00007FF653F1A9D5,?,?,00000000,00007FF653F1AA8A), ref: 00007FF653F1ABC6
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF653F1A9D5,?,?,00000000,00007FF653F1AA8A), ref: 00007FF653F1ABD0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                        • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                        • Instruction ID: 94550033bc6b0540cfba2566c8ce62b84250361bb12b75558da3388e6ead4e20
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E216FB1B3878241EEA597A5F59227A16939F84FA4F0C4239EA2EF77D1CE6CE4414310
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                        • Instruction ID: d150eacb5ea3484084e236b680b552bf3ce24a9003247ae6d8707ca38795b510
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3041D672928245C7EA349B99F54227973A2EB95F91F180131D68EF36D1CF2CE802DB51
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                        • Opcode ID: 09e0edd5bfc77bffd2ce204413b85077ed061b6568614956a0855b02b1706b89
                                                                                                                                                                                                                                        • Instruction ID: 4e28151d87e3ad88121e8f35d686c8ca4d698455f3a1798c91082761c69b3219
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09e0edd5bfc77bffd2ce204413b85077ed061b6568614956a0855b02b1706b89
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE21D621B2879246FA119A26BA063FA9652BF45FD4F8C4430EE4EB7786CE7DE041C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                        • Instruction ID: 592ac17fe1b118f7583fd9ae5d37af1e7b7b359723c94ae59786525fd8c1c559
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 193150B2A3861285E6115B55E44237C2AA2AFC0FA4F890135E95DB73D2CF7CE8528711
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625581474.00007FF653F00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625680575.00007FF653F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625729004.00007FF653F41000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2625820472.00007FF653F44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff653f00000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF653F09390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF653F045F4,00000000,00007FF653F01985), ref: 00007FF653F093C9
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00007FF653F06476,?,00007FF653F0336E), ref: 00007FF653F08EA2
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF653F10C90,?,?,?,00007FF653F122FA,?,?,?,?,?,00007FF653F13AE9), ref: 00007FF653F1D63A
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2625625066.00007FF653F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF653F00000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$FreeString$Eval_ItemSequence_Thread$LongLong_Save$CheckRestoreSizeTuple_$ClearErr_Number_Object_OccurredVariantmalloc
                                                                                                                                                                                                                                        • String ID: Python error invoking COM method.$The Python function did not return the correct type$Too many results supplied - %d supplied, but only %d can be set
                                                                                                                                                                                                                                        • API String ID: 2419934528-3825184329
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Eval_Object_StringThread$InstanceRestoreSave$AttrBuildClearFormatFreeFromOccurredTaskU_object@@Value
                                                                                                                                                                                                                                        • String ID: AuthInfo$AuthnLevel$AuthnSvc$AuthzSvc$Capabilities$ImpLevel$None is not a valid interface object in this context$O:QueryBlanket$ServerPrincipalName$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)${s:k, s:k, s:N, s:k, s:k, s:O, s:k}
                                                                                                                                                                                                                                        • API String ID: 524826855-701739339
                                                                                                                                                                                                                                        • Opcode ID: 08d822bdeb83b6d7e03afaa67bfe1e0f3924da3af12c117e9b466ecddb885818
                                                                                                                                                                                                                                        • Instruction ID: 40b6a58320c303d2f6da19b641b9a77bd154df7060ef4bf6468a50deeec858f8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08d822bdeb83b6d7e03afaa67bfe1e0f3924da3af12c117e9b466ecddb885818
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71C11A75F28A4281EA609F91E8963B963A1FF88BE4F444036CE5E47764DF3CE449C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Arg_ParseTuple
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$O:IsEqual$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 2640384126-1638673459
                                                                                                                                                                                                                                        • Opcode ID: b7e7e14fc5bcd2fb467ee23a68d74d9a172593a71272839c4cc64f2f02c923f0
                                                                                                                                                                                                                                        • Instruction ID: 4c88e71ef870aae1e1cb31931a2ed6d19346ecc5d543217fd43d39ef0790cbf3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7e7e14fc5bcd2fb467ee23a68d74d9a172593a71272839c4cc64f2f02c923f0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67911A65F28A4382FA10DFE1E85637923A1BF44BE8F445436CE2D47260DE7CF4498702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$String$Object_$Arg_Eval_InstanceParseThreadTuple$AttrClearFormatFromLongLong_OccurredRestoreSave
                                                                                                                                                                                                                                        • String ID: OlOi:Drop$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 1455900791-214966965
                                                                                                                                                                                                                                        • Opcode ID: c4fb685ef935b50b2db5dab5586fa5a81f673176cb595eac6aa8e891b41aef89
                                                                                                                                                                                                                                        • Instruction ID: 3c2f0656f87188e8b1a5e850ffd06c661f1e87b3495d73c7812bbaf5fdaa7194
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4fb685ef935b50b2db5dab5586fa5a81f673176cb595eac6aa8e891b41aef89
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEA11865F28A4281FA50DFE1E8963B923A1FF94BE4F544036DE5E47664EE3CE449C302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A38622
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A38874
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A3888D
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Dealloc$Arg_BuildErr_ErrorFromInfoObjectObject_ParseTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: O:CoSetCancelObject$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 1214226025-3744512049
                                                                                                                                                                                                                                        • Opcode ID: 99551560bec47f49f8949582e3964fc8d28ddab8a2585b8c1c240c7836be62f0
                                                                                                                                                                                                                                        • Instruction ID: 755f2f60aa7b5495e1796424420a411af56695e80719b69562269dd40e340c4a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99551560bec47f49f8949582e3964fc8d28ddab8a2585b8c1c240c7836be62f0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A91E865F68A4381EA509FE6E89637D63A1FF88BE8F444436CA1D47664DF3CF4488302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_BindCreateParseRestoreSaveTuple
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:CreateBindCtx
                                                                                                                                                                                                                                        • API String ID: 1301558003-347671153
                                                                                                                                                                                                                                        • Opcode ID: f1340e5cf0c8b3c0029515f29edd17b2f74a9bd619c162866b54bf19a6aef238
                                                                                                                                                                                                                                        • Instruction ID: a51e55f8fc4eb05281d6768ef78f810a1366ddc2d29fe4965a35cfa67bd03410
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1340e5cf0c8b3c0029515f29edd17b2f74a9bd619c162866b54bf19a6aef238
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04513926F28B4282EA109FA5F84627D63A0FF89BE4F484435CE6D07768DF3CE4458702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$RestoreSave$Object_$String$Dealloc$InstanceU_object@@$ClearD@@@FormatFrom$Arg_AttrBuildDict_ErrorInfoItemObjectOccurredParseSubclassTupleValue
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OOO:BindToStorage$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 857649759-3492286254
                                                                                                                                                                                                                                        • Opcode ID: 2a1410167870d82d36e467dec608afb18f3d0cd4aaca4f1149c7ba6930d6cf38
                                                                                                                                                                                                                                        • Instruction ID: 1e513832a0d4cfab8107c82918d21d46988d41ff6eba7a5c6293cd698b9178b2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a1410167870d82d36e467dec608afb18f3d0cd4aaca4f1149c7ba6930d6cf38
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2E1F766F28A1281FA10DBA6E85637933A2BF48BD9F444436CE2E57754DF3CE4458302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_Object_$Virtual$CallMethodString$AllocItemLongLong_MemoryOccurredProtectSequence_$Arg_AttrCapsule_D@@@ParseSizeTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O|i:CreateVTable$dispatch$failed to set memory attributes to executable$iid$tear-off not allowed for IUnknown$value is larger than a DWORD$vtbl_argcounts$vtbl_argsizes$win32com universal gateway
                                                                                                                                                                                                                                        • API String ID: 1860013509-2529987451
                                                                                                                                                                                                                                        • Opcode ID: cb413da0f7b6b6980bd4e9bf06c1b678990568758aa5dbf22cf65747a2ac85ac
                                                                                                                                                                                                                                        • Instruction ID: 11d35571ec8a8bc53488f73975a02387ca765187bf37f33f9517636f454edb2f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb413da0f7b6b6980bd4e9bf06c1b678990568758aa5dbf22cf65747a2ac85ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41E16732F29A4281EA618BA1E8563797BA5FF84BE4F444135CE5E467A0EF3CF544C302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Eval_Thread$Object_String$RestoreSave$Instance$Arg_ClearD@@@DeallocDict_FormatFromItemOccurredParseSubclassTupleU_object@@
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$O:GetObject$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 2139325478-3498757485
                                                                                                                                                                                                                                        • Opcode ID: 0e7df7a90289c1aa33a49be608aa132a8d610be56a736b997e8764bdb576cb59
                                                                                                                                                                                                                                        • Instruction ID: ea5788bdfbd8dc7fdd730f5eb430745b0396321a589e14d615578e54eb1c1b34
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e7df7a90289c1aa33a49be608aa132a8d610be56a736b997e8764bdb576cb59
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EC11B66F29A4282FA119FD5E85637823A4BF94BE5F484432CE2E077A5DE3CF445C312
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Sequence_String$Dealloc$Eval_Object_Thread$D@@@ItemU_object@@$CheckRestoreSaveSize$Arg_ClearDict_FromParseSubclassTuple
                                                                                                                                                                                                                                        • String ID: One of the GUID's in the list is invalid$One of the GUID's in the required list is invalid$Only None or lists are supported for the params.$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|OO:EnumClassesOfCategories
                                                                                                                                                                                                                                        • API String ID: 2230229366-796148116
                                                                                                                                                                                                                                        • Opcode ID: 8743fe0d8f47da5325a5878640d18d0f332c97d8731b52bbcf46aeaea04124e8
                                                                                                                                                                                                                                        • Instruction ID: f958ede19b5a5fc52ba4429e335cee676fb3fee80c21aa1d100548f485ecb71e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8743fe0d8f47da5325a5878640d18d0f332c97d8731b52bbcf46aeaea04124e8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87C14A26F29A4281EA709FA6E85637963A0FF88BE5F440435DD6E477A4DE3CF414C302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: String$Bstr@@Eval_FreeObject_ThreadU_object@@$Arg_Err_ParseRestoreSaveTuple
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OO|O:RegisterTypeLib$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 1484531722-329016545
                                                                                                                                                                                                                                        • Opcode ID: 94f4dfae61b9118f7a0d4a33fb961363dbd93f1f50520b89a72220a43a081ed3
                                                                                                                                                                                                                                        • Instruction ID: 7db2b949273b712256414d86e4a4df72dd95cecde5c0bce9a8cc56913662c962
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94f4dfae61b9118f7a0d4a33fb961363dbd93f1f50520b89a72220a43a081ed3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98B107A6F28B4281EA509FA1E85637963A0FF84BE4F445036DE5E47664DF7CF508C302
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Eval_StringThread$FromInstanceLongLong_Object_OccurredRestoreSave
                                                                                                                                                                                                                                        • String ID: HOiii:FORMATETC$OlO:DAdvise$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)$td must be None
                                                                                                                                                                                                                                        • API String ID: 1283264418-4244773898
                                                                                                                                                                                                                                        • Opcode ID: 6c6012b5ff3f8fd9771e09d10c41c0513f7b46269cf0830c30963abe0ffb2e24
                                                                                                                                                                                                                                        • Instruction ID: adf5ae1262f42107d65a596281d3fb017bd1b737eb65324c2c43ca1df0161de4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c6012b5ff3f8fd9771e09d10c41c0513f7b46269cf0830c30963abe0ffb2e24
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33B15966F28A42C1FA60DB95E84A3B963A2FF84BD4F544036CE5D47664DF3CE849C702
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AutoBstr@@FreeWin_$Err_$Arg_Bstr@OccurredParseStringTuple
                                                                                                                                                                                                                                        • String ID: OOi|Oi:StgOpenStorage$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 2915875948-1305722908
                                                                                                                                                                                                                                        • Opcode ID: 3c43b0d80d8ddee1a4a659751ef55d66f2b29d27b717398d707ce0c395afcbe2
                                                                                                                                                                                                                                        • Instruction ID: 4841d1dc8af92d5f553f1700cc5be25c48dea5bf405e6a4f07d29799faa0976c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c43b0d80d8ddee1a4a659751ef55d66f2b29d27b717398d707ce0c395afcbe2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48910526F68A1385FB509FA1E8563BC23A0BB88BE8F444436DD5E57A64DF3CE445C342
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Arg_D@@@Object_OccurredParseStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OO:CoUnmarshalInterface$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 656544938-3037632617
                                                                                                                                                                                                                                        • Opcode ID: 769527044b3ff73e3d87d1c196b22d4bf10cf8d2f1d938f52019310975ead038
                                                                                                                                                                                                                                        • Instruction ID: 141966edcf91ac9047711a96b414c4f21debc0f62a80117ccb68c097bec862ca
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 769527044b3ff73e3d87d1c196b22d4bf10cf8d2f1d938f52019310975ead038
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3811861F68A4381EA64AFA5E85637963A0FF88BE4F484032DE5E47765DF3CE404D302
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CoreFromString@@String_U_object@@$ConcatDeallocUnicode_$Object_Repr
                                                                                                                                                                                                                                        • String ID: com_struct(
                                                                                                                                                                                                                                        • API String ID: 1348223521-96509600
                                                                                                                                                                                                                                        • Opcode ID: 35da03879ab85424f4d57d1c8b54b1f0a117784aceae82a6ae9e7b623466e164
                                                                                                                                                                                                                                        • Instruction ID: 529bfbd4d8db6800f7458ba2709c656a3a853b50c23ebc00c3067aa3a87f05b7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35da03879ab85424f4d57d1c8b54b1f0a117784aceae82a6ae9e7b623466e164
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35A15232F6968281EAA58FA1D54A77973A5FF55BE4F084030CE6E06B95DF3CE484C302
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Eval_Object_Thread$ActiveArg_D@@@FromInstanceLongLong_ObjectOccurredParseRegisterRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: OOi:RegisterActiveObject$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_$Arg_BuildCreateErrorFormatFromInfoInstanceMonikerObjectOccurredParsePointerStringTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$O:CreatePointerMoniker$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_Object_$D@@@DeallocFromStringU_object@@$Arg_BuildClearDict_ItemParseSubclassTupleTuple_Value
                                                                                                                                                                                                                                        • String ID: NkN$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:Next
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A3185E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Dealloc$Arg_BuildErr_ErrorFromInfoObjectObject_ParseTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: Allocating MULTIQI array$OOiOO:CoCreateInstanceEx$O|Oii$The SERVERINFO is not in the correct format$authinfo in the SERVERINFO must be None
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_Object_$RestoreSaveU_object@@$AddressArg_ClearD@@@DeallocDict_FormatFreeFromHandleItemKeywordsMem_ModuleParseProcStringSubclassTuple
                                                                                                                                                                                                                                        • String ID: OiiiO&|O:StgOpenStorageEx$Ole32.dll$StgOpenStorageEx$StgOpenStorageEx not supported by this version of Windows$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
Similarity
• API ID: Err_$Eval_Thread$Save$RestoreString$FormatInstanceObject_Occurred$Arg_ParseStreamTuple
• String ID: None is not a valid interface object in this context$OO:OleSaveToStream$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
• API String ID: 104505675-2248625336
Similarity
• API ID: Err_$String$Memorymalloc
• String ID: ELEMDESCArray must be a sequence of ELEMDESCs$FUNCDESC$SCODE array must be a sequence of integers!$The object is not a PyFUNCDESC
• API String ID: 329545144-3413657444
Similarity
• API ID: Err_String
• String ID: OOi|i:OpenStream$The 'reserved' parameter (param 2) must be None$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
• API String ID: 1450464846-2618051897
Similarity
• API ID: Err_$DeallocRestore$FetchObject_State___stdio_common_vswprintf$AttrCallClearEnsureExceptionImportImport_MethodModuleNormalizePythonReleaseStringTraceback@@U_object@@00@free
• String ID: _GetLogger_$logger$pythoncom %hs: $win32com
• API String ID: 1729153949-4284417512
Similarity
• API ID: DeallocState_$Arg_EnsureErr_FromObject_OccurredParseReleaseU_object@@
• String ID: OOizi$OpenStorage$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
• API String ID: 2511297912-945543564
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$RestoreSave$Object_$DeallocFormatFromInstanceOccurredString$Arg_BuildDragDropErrorInfoLongLong_ObjectParseTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OOl:DoDragDrop$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 4113370609-1225370506
                                                                                                                                                                                                                                        • Opcode ID: cfcf55015f3f9e4f3267150bf2ccfb7e7b5ebb81ebddf47be08607445d6e7552
                                                                                                                                                                                                                                        • Instruction ID: 16a18d33b7fdbe79c34b5a548b91fdb535dd1b395b7937dcfd557f22f06bfa6e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfcf55015f3f9e4f3267150bf2ccfb7e7b5ebb81ebddf47be08607445d6e7552
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6081F876F28A4282EB40DFA6E45627963A1FB88FE4F544432DE6E47764DE3CE444C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_State_$BuildEnsureLongLong_Object_OccurredReleaseStringSubclassValue
                                                                                                                                                                                                                                        • String ID: DAdvise$Hziii$OlO$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        • API String ID: 2824385799-3352993437
                                                                                                                                                                                                                                        • Opcode ID: 3f746099ed3b6ac0c62d76d8bcca7d8a62772928c212643b2f74fab37b10fd52
                                                                                                                                                                                                                                        • Instruction ID: a0a295193d8a79918480c8703ae2c6c827e3c98adf99f4f536adb8706e6f2063
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f746099ed3b6ac0c62d76d8bcca7d8a62772928c212643b2f74fab37b10fd52
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68615626F29A0282EA54DBE5E85637863A2FF58BE8F444435DE0E03764EF3CE405C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: Oi|ii:CreateStream$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 1450464846-2745708741
                                                                                                                                                                                                                                        • Opcode ID: b989ae51c8758499c7d9be28124672b01cba27811aec47f6e2c764abc6dc44fb
                                                                                                                                                                                                                                        • Instruction ID: 3ea4b11a9b94a9b995c5d3a7d32a6e341b141badf815a492475fd838f99d4bf5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b989ae51c8758499c7d9be28124672b01cba27811aec47f6e2c764abc6dc44fb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75613C26F28A4285EA609FA5E4463B973A0FF88BD4F444031CE6E87754DF3CE445C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OO:RegisterObjectParam$The Python object is NULL and no error occurred$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 1450464846-488781711
                                                                                                                                                                                                                                        • Opcode ID: 932e8bc1541f4a57b9f8d019d224cf0b72de324ff838107bd98672a256f49077
                                                                                                                                                                                                                                        • Instruction ID: 4ab314aa1c9e0faf5eb1807df5b82826720efec08f7dd3a3b28153ee1a7c0502
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 932e8bc1541f4a57b9f8d019d224cf0b72de324ff838107bd98672a256f49077
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D510866F28A46C2EA50AFA5F8562B923A0FF84BE4F444432DE5E47764DF3CE445C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Arg_D@@@Err_FromObject_ParseStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 4085574066-175512089
                                                                                                                                                                                                                                        • Opcode ID: b36eac7297a6a26ec4338721e727bbe6325d34e46f5a02e79c31ccdf52d653f6
                                                                                                                                                                                                                                        • Instruction ID: b7a8a21c568b5a0b4a5c3ba64d285e68274a70b8137d412b47ce23528e6e93d4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b36eac7297a6a26ec4338721e727bbe6325d34e46f5a02e79c31ccdf52d653f6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC514B26F29B4281EA54EF96F84626963A1FF89FE4F085036DE5E07764DF2CE4458302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_Object_$RestoreSaveStringU_object@@$Arg_ClearD@@@DeallocDict_FreeFromItemParseTuple
                                                                                                                                                                                                                                        • String ID: O:GetObjectParam$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 982989513-2285593136
                                                                                                                                                                                                                                        • Opcode ID: 0c6aaa147ddc43ffcc2bdb254241aff334adc611c78cee1718f5bb1e547f805f
                                                                                                                                                                                                                                        • Instruction ID: 17b861c99915f868d4beddd51a4c5ca5f8e0ac1ad24bb2b147c8b5543ff19f1b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c6aaa147ddc43ffcc2bdb254241aff334adc611c78cee1718f5bb1e547f805f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3515B26F28A4281EA54AF9AF8563B963A0FF88BE4F484431DE5D07764DF3CE445C302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A2F81A
                                                                                                                                                                                                                                        • ?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z.PYWINTYPES313 ref: 00007FF8E6A2F832
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A2F84A
                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32 ref: 00007FF8E6A2F861
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A2F86C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocObject_U_object@@$Arg_BuildCreateErr_ErrorFromGlobalInfoObjectParseStreamTupleValue
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|Ol:CreateStreamOnHGlobal
                                                                                                                                                                                                                                        • API String ID: 1037806259-2736307125
                                                                                                                                                                                                                                        • Opcode ID: 4ea39f093166fbabd46ce18d5c69cc844c6f91f26552b085ead3aebf3fd760c4
                                                                                                                                                                                                                                        • Instruction ID: a8b84f3d2eea6f4e7e37466b1e72482014191f28944c4b040969b8889fbf322e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ea39f093166fbabd46ce18d5c69cc844c6f91f26552b085ead3aebf3fd760c4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE515D72F68B4282EB509F96F84526963A0FB89BE4F485032DE5E07768DF3CE455C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_RestoreSave$Object_String$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                        • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 1062860496-175512089
                                                                                                                                                                                                                                        • Opcode ID: 6079005cdee7c78722a1383d23de0921af49950048b54dda79b094197a43af5a
                                                                                                                                                                                                                                        • Instruction ID: d615d3557d4c11ad751fd91f8fb4ebe3ed9be58fbce1aef7217070ff3869f047
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6079005cdee7c78722a1383d23de0921af49950048b54dda79b094197a43af5a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A515161F28B4282EE55DB95F95637923A1FF48BD0F445035DE2E0B764DF2CE4548302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Object_$DeallocErr_U_object@@$D@@@From$Arg_BuildClearDict_ErrorInfoItemLoadObjectParseStringSubclassTupleTypeValue
                                                                                                                                                                                                                                        • String ID: Oii|i:LoadRegTypeLib$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 3138176419-3647057581
                                                                                                                                                                                                                                        • Opcode ID: ec829c726a1b92acef0e3b1af064ff5085d7a0be5fe0ea18b45d43c6d7c71660
                                                                                                                                                                                                                                        • Instruction ID: d49fc3c85c0df1eeb67f2035eb5e3e30d304f41e29d2dfd2f0afc82e1552df79
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec829c726a1b92acef0e3b1af064ff5085d7a0be5fe0ea18b45d43c6d7c71660
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86516A76F29A4282EA109BA1E85637A63A1FF88BE4F440031DE5E47764DF3CF505CB02
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_RestoreSave$Object_String$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                        • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Object_$DeallocErr_U_object@@$D@@@FromObject$ActiveArg_BuildClearDict_ErrorInfoItemParseStringSubclassTupleValue
                                                                                                                                                                                                                                        • String ID: O:GetActiveObject$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Eval_Thread$Object_String$D@@@RestoreSaveU_object@@$Arg_ClearDeallocDict_FromItemParseSubclassTuple
                                                                                                                                                                                                                                        • String ID: O:FindConnectionPoint$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: AuthnLevel$AuthnSvc$AuthzSvc$Capabilities$ClientName$ImpLevel$ServerPrincipalName$The Python object is invalid${s:k, s:k, s:N, s:k, s:k, s:N, s:k}$|k:QueryBlanket
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$Arg_DeallocEnsureErr_OccurredParseRelease
                                                                                                                                                                                                                                        • String ID: CopyProxy$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|izi:EnumElements
                                                                                                                                                                                                                                        • API String ID: 1450464846-3979406166
Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Eval_Thread$String$Object_RestoreSave$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                        • String ID: :EnumConnectionPoints$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 1575696441-1443830432
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :Enum$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 1450464846-189679734
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_Object_$D@@@RestoreSaveStringU_object@@$Arg_ClearDeallocDict_FromItemParseSubclassTuple
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$lO:GetInterfaceFromGlobal
                                                                                                                                                                                                                                        • API String ID: 1851801493-2228798530
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$D@@@Err_Object_U_object@@$Arg_ClearDeallocDict_FromItemParseStringTuplemalloc
                                                                                                                                                                                                                                        • String ID: O:MakePyFactory$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 4274529425-2898015554
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Object_$Err_FromState_U_object@@$ClearD@@@Dict_EnsureItemReleaseStringSubclass
                                                                                                                                                                                                                                        • String ID: OkkOkkOk$SetBlanket$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 262247152-3502604421
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • The type does not declare a PyCom constructor, xrefs: 00007FF8E6A3695A
                                                                                                                                                                                                                                        • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FF8E6A36945
                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FF8E6A36918
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_CreateFreeMem_Object_ParseRestoreSaveTupleTypeU_object@@
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 3090418528-49823770
                                                                                                                                                                                                                                        • Opcode ID: 72342bdb87ee1a3938aa2a56cf8c1cc8f4f5ee2aceda1ef5b2974d6841ec6fc6
                                                                                                                                                                                                                                        • Instruction ID: 3cd17bc61ebcbd7cd2552307ab377458e239368d39a2fb28d5d78fc446efb1fb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72342bdb87ee1a3938aa2a56cf8c1cc8f4f5ee2aceda1ef5b2974d6841ec6fc6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC513822F68A0382FA159FA5E8563BD63A0FF88BE4F085031DE5E47764DE2CE5448702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Object_Sequence_State_Task$AllocatedArg_CheckClearEnsureErr_FreeItemParseReleaseSizeTupleU_object@@
                                                                                                                                                                                                                                        • String ID: Next$OkH
                                                                                                                                                                                                                                        • API String ID: 3476162252-3238013965
                                                                                                                                                                                                                                        • Opcode ID: 9d7feb38b72c6db611414d0762a001691cc7bdf130ddb0bbc7c76efc5698532a
                                                                                                                                                                                                                                        • Instruction ID: 203703c40826046cd7e69f078cc63402e4a6496983c2a6a4b91daf918285d391
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d7feb38b72c6db611414d0762a001691cc7bdf130ddb0bbc7c76efc5698532a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3516F32F28A82C6EA609FA1E90537963A5FF45BE4F044531DE5E4A7A8DF3CE445C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocObject_$D@@@Err_FromState_U_object@@$ClearDict_EnsureItemReleaseStringSubclass
                                                                                                                                                                                                                                        • String ID: CopyTo$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$iOzO
                                                                                                                                                                                                                                        • API String ID: 2765662280-1985235689
                                                                                                                                                                                                                                        • Opcode ID: 60ff1881b0c57343388ae6595d991673e102030a17b8193bdfeaad21ca51439b
                                                                                                                                                                                                                                        • Instruction ID: 09378bb71e2fcff456187d699e81609a9e463e25dbedde8c549177af783f2e3f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60ff1881b0c57343388ae6595d991673e102030a17b8193bdfeaad21ca51439b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A941F532F29B4281EB559BA6E84636973A0BF89BD8F084435CE6E47764DF3CE5048702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Sequence_$DeallocItem$CheckErr_LongLong_SizeString
                                                                                                                                                                                                                                        • String ID: If the TYPEDESC is of type VT_USERDEFINED, the object must be an integer$SAFEARRAY descriptions are not yet supported$The first sequence item must be an integer$The object is not an TYPEDESC
                                                                                                                                                                                                                                        • API String ID: 3972667259-4167263409
                                                                                                                                                                                                                                        • Opcode ID: 0d4a7940860b962bc09089243b53c8da471959ed3848b1469a49f9e544ca58e9
                                                                                                                                                                                                                                        • Instruction ID: 90e88d008324649c336a5db7c8a07a566907d3b8b9894044934682afde22684a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d4a7940860b962bc09089243b53c8da471959ed3848b1469a49f9e544ca58e9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B413731F28A4285EA549FA6E85A37923E0FF44BE4F585031DE5E476A4DF3CF8498302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: OO|l:WriteMultiple$The Python object is invalid$The parameters must be sequences of the same size
                                                                                                                                                                                                                                        • API String ID: 1450464846-1693612115
                                                                                                                                                                                                                                        • Opcode ID: 1711b2138d753c9d91289bf25f30c13331635ed8d0b8214f6a2ba1be5570125a
                                                                                                                                                                                                                                        • Instruction ID: 0bee1fa88610d5e56693e9ccad90241cd8ca77a79a7fad8042f38e596a29e4cc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1711b2138d753c9d91289bf25f30c13331635ed8d0b8214f6a2ba1be5570125a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC819132F2868286EA609BA1E40237E73A0FF84BE4F544535DE6D47B96DE3CE445C741
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_Object_StringTuple_$AttrBuildCallFunctionOccurredValue
                                                                                                                                                                                                                                        • String ID: Unexpected exception in gateway method '%hs'$_InvokeEx_$siiOOO
                                                                                                                                                                                                                                        • API String ID: 1082011530-3980730698
                                                                                                                                                                                                                                        • Opcode ID: 0062d2ca4f67903a05944ad0af091d179b4596e12a77eef2f1ac959c56440191
                                                                                                                                                                                                                                        • Instruction ID: 9f4075967ff8dab2e6239fd51b74756d60c2a8a8536c12f315de4cc61f61f771
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0062d2ca4f67903a05944ad0af091d179b4596e12a77eef2f1ac959c56440191
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72514932F69A4286EA659BA2E85677863A4BF48FE4F084835DD5D07764DE3CE410C342
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_$BuildDeallocErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$iNOO
                                                                                                                                                                                                                                        • API String ID: 2748234538-3084246592
                                                                                                                                                                                                                                        • Opcode ID: 0835efe054a6d96b3a2d3fc7bec2faa361a97bc142c4265c499df6e4c731c32b
                                                                                                                                                                                                                                        • Instruction ID: ae1991f056905ec15b5750481dd941674160b332dcd2599062e45133b1178216
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0835efe054a6d96b3a2d3fc7bec2faa361a97bc142c4265c499df6e4c731c32b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0514662F28A4282EB549FA6E8567B963A1FF88BD9F044435DE1E47764DF3CE4048302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_$BuildDeallocErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$iNOO
                                                                                                                                                                                                                                        • API String ID: 2748234538-3084246592
                                                                                                                                                                                                                                        • Opcode ID: 25e05c2f87cc9bcecb6d0c1a7ce6f763572b7691bff139c446e08e1cf84807c3
                                                                                                                                                                                                                                        • Instruction ID: e5c9ca3ece089b59e204ecf5cd99e3aaf06c4dfa379e166ca4b95e9539343b44
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25e05c2f87cc9bcecb6d0c1a7ce6f763572b7691bff139c446e08e1cf84807c3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13515872F28A4282EB549FA1E8567B963A1FF88BD9F044435DE1E47764DF3CE4048302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Dealloc$FromObject_RestoreSaveStringU_object@@$Free$BuildErr_Value$ErrorInfoObject
                                                                                                                                                                                                                                        • String ID: (OOiO)$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1273995065-2415557319
                                                                                                                                                                                                                                        • Opcode ID: cc195dd4ff7a3e967068ac241a3ea1160ad51fb0976b3b33c1f21a12ccd8400d
                                                                                                                                                                                                                                        • Instruction ID: 1935eda1a075097f5052eb4ab24e38776268a65d0eccc2da3912d8296798f5e4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc195dd4ff7a3e967068ac241a3ea1160ad51fb0976b3b33c1f21a12ccd8400d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88412736F29B4286EA119FA1F94626973A0FB84BE4F084032DE6D47B64DF3CE4458702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_DragDropFormatInstanceOccurredParseRegisterStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OO:RegisterDragDrop$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 3607397969-3968654099
                                                                                                                                                                                                                                        • Opcode ID: 62696f03a00dcb5980d92ca68c852815950309e67918f24be5b2cc809bec748d
                                                                                                                                                                                                                                        • Instruction ID: 86b98ebcee2cfa88f89735f1cfea109cea8554d4bd34cb1d86275f4adcdbc6f8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62696f03a00dcb5980d92ca68c852815950309e67918f24be5b2cc809bec748d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B41FA66F28A4381EB409FA9F85627963A0FF88BE4B484436DE6D47764DF3CE4448702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_ClassD@@@FormatInstanceOccurredParseStringTupleU_object@@Write
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$OO:WriteClassStm$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 1895405897-3112024477
                                                                                                                                                                                                                                        • Opcode ID: efdbcf2b1b2f6c4f06ad91ce148d3f1cd4097674158dd83aaeba6cbdc7bf415e
                                                                                                                                                                                                                                        • Instruction ID: 90a520fae94ec66aa2835cc2072a17395f1b1362a2e7c178baf36b3cb5135a7a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: efdbcf2b1b2f6c4f06ad91ce148d3f1cd4097674158dd83aaeba6cbdc7bf415e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84414862FA8A4681EA109FA5E89677923A1FF89BE8F445036DD1E57764DF3CF404C302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: free$ClearErr_Eval_ThreadVariant$Arg_MemoryParseRestoreSaveStringTuplemalloc
                                                                                                                                                                                                                                        • String ID: O:SetTypeDescAlias$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3750051116-4177356974
                                                                                                                                                                                                                                        • Opcode ID: b8cff7fe84e144c80ac6717f38dacabc48e24d30e2b1aa69d3c9b33cfa31064b
                                                                                                                                                                                                                                        • Instruction ID: f490b63906fedb5f7b66f3f9ff4d5e2a6bb2b2d2a57c7c27277a17152fb2882a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8cff7fe84e144c80ac6717f38dacabc48e24d30e2b1aa69d3c9b33cfa31064b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8414C26F28A4282EF559F96E84637963A0FF48FE4F094435CE2D47795DE3CE8468302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_$OccurredState_$EnsureFromLongLong_ReleaseSequence_StringTuple@@Tuple_U_object@@Unsigned
                                                                                                                                                                                                                                        • String ID: (O)$ReadMultiple$Sequence not of required length$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        • API String ID: 593918470-667573635
                                                                                                                                                                                                                                        • Opcode ID: df32c234d093a31be483a56cb4a80ff0bbce1182497ea2cfb331fcd07c18992d
                                                                                                                                                                                                                                        • Instruction ID: b7c07a892297129cc7db5ef43d10cb8ae7f6802985dc0aa00447b4a26bf240ce
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df32c234d093a31be483a56cb4a80ff0bbce1182497ea2cfb331fcd07c18992d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0515AB6F29A4282EA599BA1F81637D73A0BF84BD4F455035ED2E47295DE3CE844C303
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_$Arg_BuildErrorFormatFromInfoInstanceObjectOccurredParseStringTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$O:Load$The Python object is NULL and no error occurred$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 21361869-1147340033
                                                                                                                                                                                                                                        • Opcode ID: eea6403336c8b20c2181ecfe285304b0c38c2489a850f52a3d672f099405650e
                                                                                                                                                                                                                                        • Instruction ID: 63d161556f9a698af41482da00cec9d6d773a347aa36800bd856c1a69bbf963f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eea6403336c8b20c2181ecfe285304b0c38c2489a850f52a3d672f099405650e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5515D26F28A4281EB54DF9AF44627927A0FF88FD8B445032DE2D57764DF3CE8448342
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Variant$DeallocErr_FromObjectObject_U_object@@$ChangeClearCopyInitTypewsprintf
                                                                                                                                                                                                                                        • String ID: Can't convert vectors!$The Variant type (0x%x) is not supported, and it can not be converted to a string
                                                                                                                                                                                                                                        • API String ID: 2333812007-248213727
                                                                                                                                                                                                                                        • Opcode ID: 3c3ecbe4457ca067b2642cb0f2cff094b4f70ceb9cbf193675c5d1e9bcd4e375
                                                                                                                                                                                                                                        • Instruction ID: eb7087e062a22185b10bc6ab0dab111f377b121f5091c50167f58b44056dbbb5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c3ecbe4457ca067b2642cb0f2cff094b4f70ceb9cbf193675c5d1e9bcd4e375
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C451A132F28A4281EA249B95E85637963A1FF88BE8F444435DE5E876A4DF3CF554C302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_$Arg_BuildErrorFormatFromInfoInstanceObjectOccurredParseStringTupleU_object@@Value
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$O:InitNew$The Python object is NULL and no error occurred$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocFromObject_U_object@@$E@@@$BuildD@@@R@@@Value
                                                                                                                                                                                                                                        • String ID: OiOOOOiiOii
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Dealloc$ErrorInfoRestoreSaveState_$CreateEnsureInstanceObject_Release
                                                                                                                                                                                                                                        • String ID: Clone$Could not convert the result from Next()/Clone() into the required COM interface
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D@@@Object_U_object@@$Arg_Err_FromLong_OccurredParseTupleVoid
                                                                                                                                                                                                                                        • String ID: OO:interface$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$D@@@EnsureErr_FromObject_OccurredReleaseU_object@@
                                                                                                                                                                                                                                        • String ID: Create$OOkk$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Dealloc$ErrorInfoRestoreSaveState_$CreateEnsureInstanceObject_Release
                                                                                                                                                                                                                                        • String ID: Clone
                                                                                                                                                                                                                                        • API String ID: 1840915814-766296796
                                                                                                                                                                                                                                        • Opcode ID: 909109a676974ca5c0b65825404e38c8476b1a38b6b20eb16df2f45408d6e7e5
                                                                                                                                                                                                                                        • Instruction ID: 86d0f6eea8f625cdbb6ccd1aa8bf5b5fcdbb32e9bc6aa9896b7d018ebf3219d9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 909109a676974ca5c0b65825404e38c8476b1a38b6b20eb16df2f45408d6e7e5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12413D36F28A42C2EB049FA5E84526963A1FF88FE5F144031DE0E87765DE3DE445C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Dealloc$ErrorInfoRestoreSaveState_$CreateEnsureInstanceObject_Release
                                                                                                                                                                                                                                        • String ID: Clone
                                                                                                                                                                                                                                        • API String ID: 1840915814-766296796
                                                                                                                                                                                                                                        • Opcode ID: 9a8e1870d0b0de3aea17637ca6d30a07277ba3c55849ffd086a404bf67c098b9
                                                                                                                                                                                                                                        • Instruction ID: 73eaae645025f7dc45159627f2bda2a5688f7ec8a108cbb60d22261ab12069fc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a8e1870d0b0de3aea17637ca6d30a07277ba3c55849ffd086a404bf67c098b9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63413036F28B4282EB04DFA5D84526963A2FF84BE9F154031CE1D47B65DE3DE445C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Dealloc$ErrorInfoRestoreSaveState_$CreateEnsureInstanceObject_Release
                                                                                                                                                                                                                                        • String ID: Clone
                                                                                                                                                                                                                                        • API String ID: 1840915814-766296796
                                                                                                                                                                                                                                        • Opcode ID: 04e78f68a47a3c54a56807dbed01e187d6cda0be471370c1f19c097e57bc805c
                                                                                                                                                                                                                                        • Instruction ID: 7a689bfedfd25156e63c004b5bb13adc1bf0924e82a03a560e2503bada6cd335
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04e78f68a47a3c54a56807dbed01e187d6cda0be471370c1f19c097e57bc805c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9412A36F28A0282EB00DFA9E85526963A1FB98BE9F554031CF0D43B64DE3DE445C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: Save$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 643398647-2418897439
                                                                                                                                                                                                                                        • Opcode ID: f0b18900921c0ab46cabfe901ff53355117424175df26e0dc67bf54f0be26565
                                                                                                                                                                                                                                        • Instruction ID: eade3868497a676f94636c5e69cfd45164f50c2d2716d45c3fc1c2b923651b43
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0b18900921c0ab46cabfe901ff53355117424175df26e0dc67bf54f0be26565
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E417C62F28A9281EB509BA6E81637963B0FF85BE4F449035DE5E07795DF3CE844C302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: Load$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 643398647-1545106082
                                                                                                                                                                                                                                        • Opcode ID: d742f415906d342ef1bcedfd1f57f0845aa8e523bdc6ce8ee25765792b09f493
                                                                                                                                                                                                                                        • Instruction ID: 241d0eccb1f227d2a0871eceb8ea0a7f2b03e541dc44c7635c094b8a63c1bc13
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d742f415906d342ef1bcedfd1f57f0845aa8e523bdc6ce8ee25765792b09f493
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7414D32F28A4682EA549BA6E85637863B0FF45BE4F445035DE5E47794EF3CE409C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$Dealloc$AllocClearExceptionGivenMatchesString$FetchFormatPythonTraceback@@U_object@@00@
                                                                                                                                                                                                                                        • String ID: %s%s$Python COM Server Internal Error$Unexpected Python Error:
                                                                                                                                                                                                                                        • API String ID: 766691455-245474060
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: Save$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 643398647-2418897439
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: SaveCompleted$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 643398647-1391842039
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyDict_New.PYTHON313(?,?,00000000,00007FF8E6A42E19,?,?,?,?,00007FF8E6A43FBB,?,?,?,?,00000000,00007FF8E6A2CDCA), ref: 00007FF8E6A4283C
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dict_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3613996275-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Err_Object_Sequence_$AttrBuildCallItemNoneOccurredSizeStringValue
                                                                                                                                                                                                                                        • String ID: (i)$Next
                                                                                                                                                                                                                                        • API String ID: 1124991884-3223589528
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Variantfree$ClearInitLongLong_MemoryStringmalloc
                                                                                                                                                                                                                                        • String ID: If varkind==VAR_PERINSTANCE, value attribute must be an integer$Object is not a VARDESC.$PyObject_AsVARDESC has unknown varkind (%d) - None will be used
                                                                                                                                                                                                                                        • API String ID: 2475635751-3241272580
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bstr@@$AutoFreeWin_$Arg_Bstr@Err_Object_ParseStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: Ol:DeleteMemberByName$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 879225695-3479644615
                                                                                                                                                                                                                                        • Opcode ID: 863c9b68c3fddfa7151b64f374d761b74c54e888c73aab06af9a1f6da5f26627
                                                                                                                                                                                                                                        • Instruction ID: 22ee23c8b7c5f9074880a54ab914f16d25a501105e9a1ecd1e26f7a23a99336f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 863c9b68c3fddfa7151b64f374d761b74c54e888c73aab06af9a1f6da5f26627
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A314526F28A4282EB509F95E84676963B0FF48BE4B484431DE5E47B64DF3CE545C701
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$Object_StringTuple_$AttrBuildCallErr_FunctionValue
                                                                                                                                                                                                                                        • String ID: _InvokeEx_$siiOOO
                                                                                                                                                                                                                                        • API String ID: 3869705896-1807603863
                                                                                                                                                                                                                                        • Opcode ID: 1eb1da2683709897c2077d7f93064814e8a9198ab902c39743d797410abefaa5
                                                                                                                                                                                                                                        • Instruction ID: 71b3f828f3222313acc0fe68ecb61f2b460d07df201cca26b87dff6639e817a1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1eb1da2683709897c2077d7f93064814e8a9198ab902c39743d797410abefaa5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F312831F28A4281EA548FA2E84672963A1FF44FE4F084834DE5E07B95DF3CE4508342
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$String$Eval_Thread$FormatInstanceObject_OccurredRestoreSave
                                                                                                                                                                                                                                        • String ID: None is not a valid interface object in this context$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                        • API String ID: 2512274376-1399825911
                                                                                                                                                                                                                                        • Opcode ID: ad02bf3bf8136d650288c93cbd541d9e694507540efebfc7e15c368e034df372
                                                                                                                                                                                                                                        • Instruction ID: e5ee62c762d4d41fdf3d122aebc5fba00b75f0ae9a6a1857c0ba2d733714da2b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad02bf3bf8136d650288c93cbd541d9e694507540efebfc7e15c368e034df372
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4314D61F29A4382EB149BA2E85677923A0FF48BE8F545432CD1E47765DE3CF4048302
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_Eval_ThreadVariant$Arg_ClearFromInitObjectObject_ParseRestoreSaveStringTupleTuple_U_object@@
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$|l:Next
                                                                                                                                                                                                                                        • API String ID: 3007185450-1850198577
                                                                                                                                                                                                                                        • Opcode ID: 87313b80837f58485680c8af16523fefa3cd301076a0e76e83b3ef8eed4fbde0
                                                                                                                                                                                                                                        • Instruction ID: 0f1747191d3182633cd42655bb9fd30c7506cef8cd094c419e01e5d98c6cecff
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87313b80837f58485680c8af16523fefa3cd301076a0e76e83b3ef8eed4fbde0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3518D32F29A4282EA14CF95E4562B9A3A1FF84BE5F444536DE0E17794DF7CE445C301
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$FromState_$Bytes_ClearEnsureErr_LongLong_Object_R@@@ReleaseSizeStringU_object@@
                                                                                                                                                                                                                                        • String ID: WriteAt
                                                                                                                                                                                                                                        • API String ID: 773893014-3181200592
                                                                                                                                                                                                                                        • Opcode ID: 4a2213de3460aeb0b16fbdbf26ea12160fc0ddc62398d65229413acec56dd0b9
                                                                                                                                                                                                                                        • Instruction ID: 6aeefaaa0bbca0c8767fe5558d35d501cc8aae7318ea3d1bdebe1557106a5850
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a2213de3460aeb0b16fbdbf26ea12160fc0ddc62398d65229413acec56dd0b9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8415872F29B4682EB50AFA0E80632973A1FB44BE4F044035DE5E47B94EE3CE4468702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Dealloc$BuildErr_FromObject_U_object@@Value$D@@@ErrorInfoObjectString
                                                                                                                                                                                                                                        • String ID: Oiiiii$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3592653497-2154538676
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • The type does not declare a PyCom constructor, xrefs: 00007FF8E6A757A1
                                                                                                                                                                                                                                        • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FF8E6A7578C
                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FF8E6A7576F
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Object_$ArrayClearD@@@DeallocDict_ElementFromItemSafeStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 2284677161-49823770
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Bstr@@$AutoFreeWin_$Eval_Thread$Arg_Bstr@FileObject_ParseRestoreSaveStorageTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:StgIsStorageFile
                                                                                                                                                                                                                                        • API String ID: 3481950447-3657482639
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2438A
                                                                                                                                                                                                                                        • PyErr_Fetch.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2439F
                                                                                                                                                                                                                                        • PySys_GetObject.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243AC
                                                                                                                                                                                                                                        • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243C2
                                                                                                                                                                                                                                        • PyFile_WriteObject.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243DC
                                                                                                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243EB
                                                                                                                                                                                                                                        • fprintf.MSPDB140-MSVCRT ref: 00007FF8E6A243FE
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A21C00: __stdio_common_vfwprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8E6A21C37
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A24411
                                                                                                                                                                                                                                        • PyErr_Restore.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2442B
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Object$DeallocDebugFetchFile_FromObject_OutputRestoreStringSys_U_object@@Write__acrt_iob_func__stdio_common_vfwprintffprintf
                                                                                                                                                                                                                                        • String ID: stderr
                                                                                                                                                                                                                                        • API String ID: 1123423785-1769798200
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_OccurredState_$DeallocEnsureFromLongLong_ReleaseTuple_Unsigned
                                                                                                                                                                                                                                        • String ID: OOk$Unexpected exception in gateway method '%hs'$WriteMultiple
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: O:DestroyElement$The Python object is invalid
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Object_ThreadU_object@@$Arg_D@@@Err_FreeFromParseRestoreSaveStringTaskTuple
                                                                                                                                                                                                                                        • String ID: Oi:GetCategoryDesc$The Python object is invalid
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BufferView@@$Arg_Err_ParseStringTupleU_object@@_
                                                                                                                                                                                                                                        • String ID: O:Write$The Python object is invalid
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :GetCurFile$The Python object is invalid
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromVariant$ChangeClearDeallocErr_LongLong_ObjectObject_TypeU_object@@Unsignedwsprintf
                                                                                                                                                                                                                                        • String ID: Error converting integer variant (%08lx)
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • SafeArrayGetRecordInfo.OLEAUT32 ref: 00007FF8E6A2D87D
                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32 ref: 00007FF8E6A2D893
                                                                                                                                                                                                                                        • SafeArrayGetUBound.OLEAUT32 ref: 00007FF8E6A2D8AF
                                                                                                                                                                                                                                        • SafeArrayGetLBound.OLEAUT32 ref: 00007FF8E6A2D8CB
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A79E90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8E6A22343), ref: 00007FF8E6A79EAA
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A2D6D0: PyMem_Malloc.PYTHON313(?,?,?,00007FF8E6A2D924,?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2D6DC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A2D6D0: PyErr_NoMemory.PYTHON313(?,?,?,00007FF8E6A2D924,?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2D6EA
                                                                                                                                                                                                                                        • PyErr_Occurred.PYTHON313(?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2D927
                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313(?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2D942
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A79E90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8E6A79EC0
                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON313(?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2D9C6
                                                                                                                                                                                                                                        • PyMem_Free.PYTHON313(?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2DA60
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,?,?,?,00000000,?,?,?,00007FF8E6A75AD9), ref: 00007FF8E6A2DA87
                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32 ref: 00007FF8E6A2DAA8
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ArraySafe$BoundDataErr_Mem_$AccessConcurrency::cancel_current_taskDeallocFreeInfoMallocMemoryOccurredRecordReferenceTuple_Unaccessmalloc
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: InitVariant
                                                                                                                                                                                                                                        • String ID: unknown variant type
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_DeallocErr_ParseRestoreSaveStringTupleTuple_
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$|l:Next
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Unicode_
                                                                                                                                                                                                                                        • String ID: Unknown tymed$data$data_handle$tymed
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_OccurredState_$Arg_DeallocEnsureParseRelease
                                                                                                                                                                                                                                        • String ID: EnumDAdvise$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        • API String ID: 3280672200-1741563918
                                                                                                                                                                                                                                        • Opcode ID: b0b9420e2c1c42b5c853e54ae7f7edf2ce5477a4959a5fbd5bca25e586ad2333
                                                                                                                                                                                                                                        • Instruction ID: c642a60c086137d0cf6361c67a1c896a428e467744926d7a6e461b5ea7ce5b92
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0b9420e2c1c42b5c853e54ae7f7edf2ce5477a4959a5fbd5bca25e586ad2333
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60317232F2874781EA509BE5E8563B923A2FF88BD8F404135DE5E477A5EE2CE5048742
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_FreeObject_ParseRestoreSaveStringTuplefree
                                                                                                                                                                                                                                        • String ID: O:ReadMultiple$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 2004998745-3093747771
                                                                                                                                                                                                                                        • Opcode ID: f71ad35e3ce4d7907b8597667d0c4d55bd6b92175340d3c0e9871b5319c1374e
                                                                                                                                                                                                                                        • Instruction ID: d0b06010f587e62b5c9bd2e829d397be33d8cde756121f13acd94479351bc84e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f71ad35e3ce4d7907b8597667d0c4d55bd6b92175340d3c0e9871b5319c1374e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78312C76F2874286EA54AF96E44137973A0FF84BE4F484435DEAE07765CE3CE4418B02
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocErr_FromObject_StringTuple_U_object@@$BuildErrorFreeInfoItemObjectValue
                                                                                                                                                                                                                                        • String ID: The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 2478855177-2445808733
                                                                                                                                                                                                                                        • Opcode ID: 9468105d073f7a8d1d6bd513ce7ab2d9b34134a2b64c8b1310e35284343ab8de
                                                                                                                                                                                                                                        • Instruction ID: dd2aef1f36203ab7967c4622ec76a711dac536221eb64bb4bee85301be1f5350
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9468105d073f7a8d1d6bd513ce7ab2d9b34134a2b64c8b1310e35284343ab8de
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB314021F3CA4682EA60AB91E80676973A1FF84BD4F444036DEAE47754DF3CE405C741
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FF8E6A60587
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A605BA
                                                                                                                                                                                                                                        • ?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313 ref: 00007FF8E6A605D5
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A605DF
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A60601
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        • PyMem_Free.PYTHON313 ref: 00007FF8E6A60642
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocErr_Object_U_object@@$Arg_BuildErrorFreeFromInfoMem_ObjectParseStringTupleValue
                                                                                                                                                                                                                                        • String ID: Oi:Save$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3446329984-1512210177
                                                                                                                                                                                                                                        • Opcode ID: b4b5447d08a2d36c600da2f09e1b9930c939a7ca0dda222437cd99e1cf8dc96a
                                                                                                                                                                                                                                        • Instruction ID: 1d140aa7bbacc26af887d19d3ca6f0aec6f6f4dc81c513ee12a6bb436b503b78
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4b5447d08a2d36c600da2f09e1b9930c939a7ca0dda222437cd99e1cf8dc96a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78313836F29B82C6EB508F96E50226A63A0FB88BD4F484432DE6D47764DF6CE444C742
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_FromParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: OO:CopyTo$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3769410717-3963427383
                                                                                                                                                                                                                                        • Opcode ID: 0ff8399650e44c255e73c1cff1ee35e442128f36fe39c8dd57b82dceeee54500
                                                                                                                                                                                                                                        • Instruction ID: 5cd3870a98a79ce88c0661a556e4c4b46e317c73752c0d9ba46b8440be7d7ce4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff8399650e44c255e73c1cff1ee35e442128f36fe39c8dd57b82dceeee54500
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29215E22F28B8281EB419B92F50526AB3A1FF84BE0F445036DE6D57B68DF2CE845C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FF8E6A60697
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A606C5
                                                                                                                                                                                                                                        • ?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313 ref: 00007FF8E6A606DF
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A606E9
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A60706
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        • PyMem_Free.PYTHON313 ref: 00007FF8E6A60747
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocErr_Object_U_object@@$Arg_BuildErrorFreeFromInfoMem_ObjectParseStringTupleValue
                                                                                                                                                                                                                                        • String ID: O:SaveCompleted$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3446329984-4192751109
                                                                                                                                                                                                                                        • Opcode ID: 98575547906d66807b0c14adda73669fcdcb26916cbf72d24724770df1df1fa0
                                                                                                                                                                                                                                        • Instruction ID: 20f2825f28d5327616a184f6c8a0387193152cc1510b399c04e9e30575f5d51d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98575547906d66807b0c14adda73669fcdcb26916cbf72d24724770df1df1fa0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B314766F28A42C2EB149F96F54236A73A1FF88BD4B484432DE6D47754DF2CE8448B02
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$iO:SetVarName
                                                                                                                                                                                                                                        • API String ID: 3407569068-494815592
                                                                                                                                                                                                                                        • Opcode ID: 158b41316d8d5f2266983014866cf1ee063b3e40f456ea55c48cd851a8f91a69
                                                                                                                                                                                                                                        • Instruction ID: 1e8e1e94f69645a2cf48298b38721f3d12ac4af94fcae8b6d4320b233f32ab10
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 158b41316d8d5f2266983014866cf1ee063b3e40f456ea55c48cd851a8f91a69
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA217C36F28A4282EB109B95F812769A3A0FF88BE4F480032DE6D47768DF2CE545C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Object_Thread$Arg_Err_FreeParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:RevokeObjectParam$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 2199859164-1636578323
                                                                                                                                                                                                                                        • Opcode ID: ba5d22349b3fef8fb20a69f80a3417304e5b253d9c8dd70c8bcf82347cc07434
                                                                                                                                                                                                                                        • Instruction ID: 8f316e4c69df55dfcef2b683400de3ee5837c1a9d3359ca23593f251e803b370
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba5d22349b3fef8fb20a69f80a3417304e5b253d9c8dd70c8bcf82347cc07434
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC214B26F38A4282EA949B95F856769A3A0FF89BE4F441031DE5E07768DF3CE4458702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetDocString$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3407569068-3620035398
                                                                                                                                                                                                                                        • Opcode ID: f4e8a681eb46630bf67b9902cd3cd5bbd856915be35d969c8fcc215b125f7840
                                                                                                                                                                                                                                        • Instruction ID: fd727490d37b4b29ed653fc324077e8a09e5ed75fc7902b30ef5ac4c141de747
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4e8a681eb46630bf67b9902cd3cd5bbd856915be35d969c8fcc215b125f7840
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71217F36F2CA4282EB549B95F95627923A0FF88BE4B441032DE5E07764DE2CE4418701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetDocString$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3407569068-3620035398
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetHelpFileName$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3407569068-392364392
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetDocString$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3407569068-3620035398
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_Eval_ParseThreadTuple$Err_FromLongLong_RestoreSaveString
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$lOl:DragOver
                                                                                                                                                                                                                                        • API String ID: 3706361514-456393553
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
                                                                                                                                                                                                                                        • String ID: LockRegion$OOi
                                                                                                                                                                                                                                        • API String ID: 3423895773-417432063
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
                                                                                                                                                                                                                                        • String ID: OOi$UnlockRegion
                                                                                                                                                                                                                                        • API String ID: 3423895773-62055282
                                                                                                                                                                                                                                        • Opcode ID: 4215f9fd1ef614c999e31b95be39ce9004df87e44a54963358e441a45e3f8d0b
                                                                                                                                                                                                                                        • Instruction ID: f488dc902f701386c93aefd5084cd53922e8fc13b3e0cdf1fe422486ccc7ea1f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4215f9fd1ef614c999e31b95be39ce9004df87e44a54963358e441a45e3f8d0b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44215B36F28B92C6EB509FA1F849369B7A0FB84BE4F084131EE8946B55DF3CE5458701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
                                                                                                                                                                                                                                        • String ID: LockRegion$OOi
                                                                                                                                                                                                                                        • API String ID: 3423895773-417432063
                                                                                                                                                                                                                                        • Opcode ID: 70031674a007ab282460e59e6465cef140334930b6cb94a63e25db6e35f1d2fa
                                                                                                                                                                                                                                        • Instruction ID: e51e6f227d04554edbab3b05daacf23e74987f7648769407fdb2f4a030f910cd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70031674a007ab282460e59e6465cef140334930b6cb94a63e25db6e35f1d2fa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7216D36F28B9286E7609FA1F84936977A0FB84BE5F044031EE8946B54DF3CE585C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
                                                                                                                                                                                                                                        • String ID: OOi$UnlockRegion
                                                                                                                                                                                                                                        • API String ID: 3423895773-62055282
                                                                                                                                                                                                                                        • Opcode ID: 6c5f0d7ec2974498c2233339cf58cf3b1f740b934650b0d17970f7caf35b55de
                                                                                                                                                                                                                                        • Instruction ID: 8127714c8adcae67327d7cfb567d61539c78da3f3913a9a6b9b52a906b1ad36b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c5f0d7ec2974498c2233339cf58cf3b1f740b934650b0d17970f7caf35b55de
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE214936F28B9286EB509FA5F84936973A0FB85BE9F044031EE8946B54DF3CE545C702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FF8E6A64540
                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FF8E6A6450B
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Object_$D@@@DeallocDict_Err_FromItemStringSubclassU_object@@
                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 3263611697-2203674046
                                                                                                                                                                                                                                        • Opcode ID: b9b41166950ee249ba5dce2c3b219ac6d171c6f45723f244ae64a4a82e9de223
                                                                                                                                                                                                                                        • Instruction ID: 34500d06c2ca56e5c2021878ed19d3e7f70cc7ca0019baac0f8539d92cd19b3d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9b41166950ee249ba5dce2c3b219ac6d171c6f45723f244ae64a4a82e9de223
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8210B25F2DA4281EA519F95E85637833A0FF49FE8F088439CE2E47755DE2CF8458302
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$CallDeallocEnsureErr_LongLong_MethodObject_ReleaseString
                                                                                                                                                                                                                                        • String ID: GetNextDispID must return an integer object$_GetNextDispID_
                                                                                                                                                                                                                                        • API String ID: 4102426547-654642487
                                                                                                                                                                                                                                        • Opcode ID: d36659792e60f9ae2733e3d6ab9c1bd69430cba582ed9275331ed5d4182509e8
                                                                                                                                                                                                                                        • Instruction ID: 7de5c4a67b3334187e61d96a3929717e7df58fb9d4390927d37799de9fae650b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d36659792e60f9ae2733e3d6ab9c1bd69430cba582ed9275331ed5d4182509e8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6213B32F28B4282EB209F96E846669B3A0FB84BE4F444835DE5D47764DF3CE445C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$CallDeallocEnsureErr_LongLong_MethodObject_ReleaseString
                                                                                                                                                                                                                                        • String ID: GetMemberProperties must return an integer object$_GetMemberProperties_
                                                                                                                                                                                                                                        • API String ID: 4102426547-219618243
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromVariant$ChangeClearDeallocDoubleErr_Float_ObjectObject_TypeU_object@@wsprintf
                                                                                                                                                                                                                                        • String ID: Error converting floating point variant (%08lx)
                                                                                                                                                                                                                                        • API String ID: 3578438641-723133735
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromVariant$ChangeClearDeallocErr_LongLong_ObjectObject_TypeU_object@@wsprintf
                                                                                                                                                                                                                                        • String ID: Error converting integer variant (%08lx)
                                                                                                                                                                                                                                        • API String ID: 3799450794-2415472848
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$Dealloc$From$BuildErr_ErrorInfoLongLong_ObjectObject_U_object@@Value
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2233689574-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetGuid$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3738645356-2833450749
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$ii:SetVersion
                                                                                                                                                                                                                                        • API String ID: 1450464846-3629498280
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:Delete$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3738645356-1497512779
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: O:SetGuid$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3738645356-2833450749
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$i:SetLibFlags
                                                                                                                                                                                                                                        • API String ID: 1450464846-2322495625
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:SetHelpContext
                                                                                                                                                                                                                                        • API String ID: 1450464846-1782559897
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:SetHelpContext
                                                                                                                                                                                                                                        • API String ID: 1450464846-1782559897
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:SetHelpContext
                                                                                                                                                                                                                                        • API String ID: 1450464846-1782559897
                                                                                                                                                                                                                                        • Opcode ID: 536c38e5f203d6e39194321f0267b0a76573c6961297350ebe56b0df438c4ccf
                                                                                                                                                                                                                                        • Instruction ID: 74fab7ef5bd629ec07218b82979355435af561fe79239ce8ff3f235123b7c5a8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 536c38e5f203d6e39194321f0267b0a76573c6961297350ebe56b0df438c4ccf
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8218336F28A4282EB44DBA5F95627923A1FF88BD4F445032DE2D47764DE2CE8828701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$i:Commit
                                                                                                                                                                                                                                        • API String ID: 1450464846-1346208079
                                                                                                                                                                                                                                        • Opcode ID: a8808369c3b4c2210c04bfbf7432b99b1b2dd6dab88577aff2263820e8d254b0
                                                                                                                                                                                                                                        • Instruction ID: 3c0fde6b69eb2bdd044ddcb5e549054918a98397d653d9e335c80d3778a09a69
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8808369c3b4c2210c04bfbf7432b99b1b2dd6dab88577aff2263820e8d254b0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98218632F28A4282EB459B95F55627D23A0FF48BD4B440031DD2E47764DE3CE8928701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:SetLcid
                                                                                                                                                                                                                                        • API String ID: 1450464846-1975059913
                                                                                                                                                                                                                                        • Opcode ID: b284d8208a24609e9d0be037efa9836f53137690e801d23846608bb4204a3768
                                                                                                                                                                                                                                        • Instruction ID: b19d8c060f1e3409a1307689183a8858dbe20049a63c90ad4bf02311be78bef9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b284d8208a24609e9d0be037efa9836f53137690e801d23846608bb4204a3768
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52219236F28A4282EB44DBA5F95627923A1FF88BD4F441432DE2D47764DF2CE8828701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:RevokeInterfaceFromGlobal
                                                                                                                                                                                                                                        • API String ID: 1450464846-152675950
                                                                                                                                                                                                                                        • Opcode ID: 898abf044a5b6ed272342da80665054a0561efb7f79302098e98480bb369d589
                                                                                                                                                                                                                                        • Instruction ID: 98acef4a54ebb6a0a40b687b5ef8eeb694223ac01a5de219bd93e337085613bd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 898abf044a5b6ed272342da80665054a0561efb7f79302098e98480bb369d589
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73218636F2C64282EB45DB95F95627923A1FF88BD4B441035DD2E477A8DF2CE5818701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$i:SetTypeFlags
                                                                                                                                                                                                                                        • API String ID: 1450464846-3322082645
                                                                                                                                                                                                                                        • Opcode ID: a3bdcb6ff7b7eb9a7b7724a4ae5fd7464fda6b996735d04114cd3a788dbe25c4
                                                                                                                                                                                                                                        • Instruction ID: 80aaa2b81fa91f63405e1d457464e2087523632f89b52a742f19c5a3b86639ce
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3bdcb6ff7b7eb9a7b7724a4ae5fd7464fda6b996735d04114cd3a788dbe25c4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30219536F2CA4282EB459BE5F95627923F0FF88BD4B441036DE2D47764DE2CE8828701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_Eval_StringThread$Arg_ParseRestoreSaveTuple
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$ll:DeleteMemberByDispID
                                                                                                                                                                                                                                        • API String ID: 4015722556-3292498650
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :SaveAllChanges$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1450464846-2045194468
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String$Free$DeallocException$AllocClearErrorEval_FetchGivenInfoMatchesRestoreThread$CreateNormalizePythonSaveTraceback@@U_object@@00@
                                                                                                                                                                                                                                        • String ID: Python error invoking COM method.
                                                                                                                                                                                                                                        • API String ID: 2096869733-741485538
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :DragLeave$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1450464846-767860251
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :Revert$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1450464846-2634774199
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_FromParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3769410717-2445808733
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FF8E6A7576F
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$ArrayClearD@@@DeallocDict_ElementFromItemObject_SafeStringU_object@@
                                                                                                                                                                                                                                        • String ID: There is no interface object registered that supports this IID
                                                                                                                                                                                                                                        • API String ID: 41092726-1806556748
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :IsDirty$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1450464846-2698278726
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_FromObject_ParseR@@@RestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: :GetSizeMax$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 587566394-2309627308
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                        • String ID: :IsDirty$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 1450464846-2698278726
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyGILState_Ensure.PYTHON313 ref: 00007FF8E6A4591C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A25088
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A25097
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A250A6
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: Py_BuildValue.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A250D2
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A250F0
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A25109
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A25030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8E6A24EF2), ref: 00007FF8E6A25122
                                                                                                                                                                                                                                        • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A45958
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313 ref: 00007FF8E6A4599B
                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313 ref: 00007FF8E6A459B4
                                                                                                                                                                                                                                        • PyGILState_Release.PYTHON313 ref: 00007FF8E6A459BD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24250: PyErr_Occurred.PYTHON313 ref: 00007FF8E6A24259
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
• Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$FromObject_U_object@@$Bstr@@$State_$BuildEnsureErr_OccurredReleaseValue
                                                                                                                                                                                                                                        • String ID: AddError
                                                                                                                                                                                                                                        • API String ID: 2964434163-917986504
                                                                                                                                                                                                                                        • Opcode ID: 8b5dc527ab8124f90fc987dab780a379741419373e6626fbcb4da0952e927563
                                                                                                                                                                                                                                        • Instruction ID: 3296bc79b97e80908820cd638833b3e9266f74a06cfe9c0c5c85a80d271e4443
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b5dc527ab8124f90fc987dab780a379741419373e6626fbcb4da0952e927563
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF317E72F29A4282EB64AB91E816378A3A0FF45BE5F044031DE8E47756EF3DE4458702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FF8E6A6E74F
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A6E768
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A6E787
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A6E7C8
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A6E7E4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocErr_$BuildErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                        • String ID: The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3213920475-2445808733
                                                                                                                                                                                                                                        • Opcode ID: 9c764609c67e58556629685169cdee21dcd25df6ee2e78c357525aacb1038789
                                                                                                                                                                                                                                        • Instruction ID: 0426f06d6a690b8493ffc4de045e1c6f3cc62d5fcd259940b863db6b6fde3566
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c764609c67e58556629685169cdee21dcd25df6ee2e78c357525aacb1038789
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90216026F28B4182EB44DFA2E44526A63A1FF89FD4F481032DE6E57B65CF3CE4428701
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_Object_ParseR@@@RestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                        • String ID: The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 2962986857-2445808733
                                                                                                                                                                                                                                        • Opcode ID: 2261234515f5470af82ee986d227084ddd66dbf27087506de351c834effe92ac
                                                                                                                                                                                                                                        • Instruction ID: 906cbea76a6d1cf4c7eab189377bf279e480a4d7bdf84cba9e911fe96acb1fd5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2261234515f5470af82ee986d227084ddd66dbf27087506de351c834effe92ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0216036F28A4282EA559F95F54527973B1FF44BE0B441036DE6D47764CF2CE845C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureErr_FromLongLong_OccurredReleaseTuple_Unsigned
                                                                                                                                                                                                                                        • String ID: DeleteMultiple$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                        • API String ID: 667690297-3044724248
                                                                                                                                                                                                                                        • Opcode ID: dd87a41a8988dc3a1e173c03328119fded4540e4534685f9a4a472afc8debd36
                                                                                                                                                                                                                                        • Instruction ID: 5f8a040220f040992b953d84b32a211d27b854b0d22f3f8aab93c2c5f23258a5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd87a41a8988dc3a1e173c03328119fded4540e4534685f9a4a472afc8debd36
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15218032F2864282EB509BA1E8163A973A1FF48BD4F444135DE5D47355EE3CE805C742
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$ClearDeallocEnsureErr_Object_R@@@ReleaseU_object@@
                                                                                                                                                                                                                                        • String ID: GetSizeMax
                                                                                                                                                                                                                                        • API String ID: 1322101601-2032451762
                                                                                                                                                                                                                                        • Opcode ID: bb1513db7e07ec20260c6b473a4dea7f55c35330e95a81406e2f137409d84efa
                                                                                                                                                                                                                                        • Instruction ID: 5bd76b64f8722d77fc2649013a1912fec1b4c833edef7ad3dbb16170746b289c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb1513db7e07ec20260c6b473a4dea7f55c35330e95a81406e2f137409d84efa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B219F76F28B4282EB109B65E85A32D63A1FB88BD8F445031DE4E87718DF3CE4448B02
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: :InitNew$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3004187977-3693445850
                                                                                                                                                                                                                                        • Opcode ID: d0d9ae0d5224e3d3677614027529b81db472b78d0e7cc17fb93a7262563583f4
                                                                                                                                                                                                                                        • Instruction ID: 48b2ae396c49419dd6e18bf7af7fbe39dc5f4e61b9ec56a241fd01cd2e01325f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0d9ae0d5224e3d3677614027529b81db472b78d0e7cc17fb93a7262563583f4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1117F31F28A4282EB459B96F94627933A2FF48BE0B445075DD2D077A4DF2CF8408342
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                        • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                        • Opcode ID: d218d97eff3ec4e402ff0cd0cea7f0a783d9b2ee0be79a6b1113435a0597d61c
                                                                                                                                                                                                                                        • Instruction ID: 9a0b769c262b4ecffc39aa3440cb520cd32dca96f3e6e251016b7d03220503c6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d218d97eff3ec4e402ff0cd0cea7f0a783d9b2ee0be79a6b1113435a0597d61c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55114C65F28A0282EA05DBA6F94627923A2FF88BE0B485036CE6D07754DF3CF4448702
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                        • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                        • Opcode ID: 1b76ba7f5a8e324c16ece5152895f6b60cc208976b56f467cee58b12a379f64d
                                                                                                                                                                                                                                        • Instruction ID: 89d1fb0af0ad052a3db86d629b447e4d53dd2e0408b858d84fb3c68f1fdf9b4e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b76ba7f5a8e324c16ece5152895f6b60cc208976b56f467cee58b12a379f64d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1114F65F28A0282EB09DB95F55627923A2FF88BE0F585036DE2E07754DF3CE444C702
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                        • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                        • Opcode ID: ac501f56f93fcccdc5e0e2c93dee7c82f7eb6ce7cf07f937d5d12456c2c1dd42
                                                                                                                                                                                                                                        • Instruction ID: 87171498d66d207b21485c7efb03b0d4d009edbaabc8a71cfad8bbb98c3a0cd4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac501f56f93fcccdc5e0e2c93dee7c82f7eb6ce7cf07f937d5d12456c2c1dd42
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06113D65F28B0282EA05DBA6F94637923A2FF88BE0B485136CE2D07754DE3CE4458702
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: :Reset$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3004187977-3082310266
                                                                                                                                                                                                                                        • Opcode ID: 68f18b20b2b54fc4fb8e78159d94e5efd9ca99723c8a9c9add4e4e7cee4777a4
                                                                                                                                                                                                                                        • Instruction ID: 94f71e172b05899a8b4005c81cb0395e1ca8b8ef573c2d184f51a6775f5aaec5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68f18b20b2b54fc4fb8e78159d94e5efd9ca99723c8a9c9add4e4e7cee4777a4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90111275F28A0281EB15DB96F95627923A2FF88BE0B485035CD2D47764DF3CF4948302
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: :Reset$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3004187977-3082310266
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                        • String ID: :Reset$The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 3004187977-3082310266
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FF8E6A37763
                                                                                                                                                                                                                                        • ?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z.PYWINTYPES313 ref: 00007FF8E6A3777B
                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A3778F
                                                                                                                                                                                                                                        • RevokeDragDrop.OLE32 ref: 00007FF8E6A3779D
                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A377A8
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24CFC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D3F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D49
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: GetErrorInfo.OLEAUT32 ref: 00007FF8E6A24D59
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D64
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_SaveThread.PYTHON313 ref: 00007FF8E6A24D85
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FF8E6A24D9C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FF8E6A24DBC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: Py_BuildValue.PYTHON313 ref: 00007FF8E6A24DDD
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24DF4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: PyErr_SetObject.PYTHON313 ref: 00007FF8E6A24E07
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24CC0: _Py_Dealloc.PYTHON313 ref: 00007FF8E6A24E20
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocObject_U_object@@$Arg_BuildDragDropErr_ErrorFromInfoObjectParseRevokeTupleValue
                                                                                                                                                                                                                                        • String ID: O:RevokeDragDrop
                                                                                                                                                                                                                                        • API String ID: 56059392-3396276766
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Thread$Eval_GlobalLock@@UninitializeWin_$AcquireCurrentReleaseRestoreSave
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1455255957-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Tuple_$Item$FromLongLong_Referencemalloc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2262048582-0
                                                                                                                                                                                                                                        • Opcode ID: 4c3a249609a1a876e3074aebdc699aa25a0f91fd60e9d94ed9810d30a7551712
                                                                                                                                                                                                                                        • Instruction ID: 9b1ce098f178db4fecad4c0da8c81a3c36089ca58625efcc7f3bdf2cbb5f458d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c3a249609a1a876e3074aebdc699aa25a0f91fd60e9d94ed9810d30a7551712
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E314876A147518BD660DF96E845A2AB3E8FB48B91B054135DF8E43B11DF3CE482CB01
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$D@@@DeallocDict_EnsureFromItemLong_Object_ReleaseU_object@@Void
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2511354192-0
                                                                                                                                                                                                                                        • Opcode ID: f9aace2356f43bfea9000073c30e387ec8e0ce648aa91d3364322bcdd710c4ec
                                                                                                                                                                                                                                        • Instruction ID: c124d338cf7388408295d2356c4620d173d7038c6f8162fac5fe2e4e0f3116cf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9aace2356f43bfea9000073c30e387ec8e0ce648aa91d3364322bcdd710c4ec
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA218E36F29B4286EA149F92F845329A3E0FB88BD0F081434DE5D4BB55DF3CE4518705
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: OutputDebugStringW.KERNEL32(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2438A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: PyErr_Fetch.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2439F
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: PySys_GetObject.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243AC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243C2
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: PyFile_WriteObject.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243DC
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A243EB
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: fprintf.MSPDB140-MSVCRT ref: 00007FF8E6A243FE
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: _Py_Dealloc.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A24411
                                                                                                                                                                                                                                          • Part of subcall function 00007FF8E6A24380: PyErr_Restore.PYTHON313(?,?,00000000,00000000,00007FF8E6A249DA), ref: 00007FF8E6A2442B
                                                                                                                                                                                                                                        • __stdio_common_vswprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8E6A247AD
                                                                                                                                                                                                                                        • PyErr_Fetch.PYTHON313 ref: 00007FF8E6A247E9
                                                                                                                                                                                                                                        • PyErr_NormalizeException.PYTHON313 ref: 00007FF8E6A24808
                                                                                                                                                                                                                                        • ?GetPythonTraceback@@YAPEA_WPEAU_object@@00@Z.PYWINTYPES313 ref: 00007FF8E6A24829
                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8E6A2483D
                                                                                                                                                                                                                                        • PyErr_Restore.PYTHON313 ref: 00007FF8E6A24852
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Err_$FetchObjectRestore$DeallocDebugExceptionFile_FromNormalizeObject_OutputPythonStringSys_Traceback@@U_object@@U_object@@00@Write__acrt_iob_func__stdio_common_vswprintffprintffree
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3328430175-0
                                                                                                                                                                                                                                        • Opcode ID: 60b8b7ffb4d918bbde304ec863cc24f66a213f94a1a1019f1ac907af1a82689f
                                                                                                                                                                                                                                        • Instruction ID: c2501c6b50da4070c23fcb4fb11b0df4b53d391582c1dea1ff07a8687dd45b15
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60b8b7ffb4d918bbde304ec863cc24f66a213f94a1a1019f1ac907af1a82689f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20213B36B28B82D1EB40DB91F4865AAB760FF84BD0F441036EA8E03669DE3CE444CB41
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_BuildErr_ParseStringTupleValue
                                                                                                                                                                                                                                        • String ID: i:SizeOfVT$unknown variant type
                                                                                                                                                                                                                                        • API String ID: 601023725-4270758884
                                                                                                                                                                                                                                        • Opcode ID: e99bb5d10b2431ff27c4c2450fd3bb982ecebfbb8699caf6d5c122ff42c39f59
                                                                                                                                                                                                                                        • Instruction ID: aaa9ca072567cfe5f63c7b9d0f053eb907e27c4bfdc8aa0e04fe9944d732a4c9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e99bb5d10b2431ff27c4c2450fd3bb982ecebfbb8699caf6d5c122ff42c39f59
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D52193A2F1C58387E7018BB8E8963B83BA0FF497D8F584071C68982254DD1CF157D702
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$D@@@DeallocEnsureObject_ReleaseU_object@@
                                                                                                                                                                                                                                        • String ID: GetClassID
                                                                                                                                                                                                                                        • API String ID: 1645649514-1890744744
                                                                                                                                                                                                                                        • Opcode ID: 6d967699810e214aba411f50f78f46df7977191031baef2c71294a2eb3e6ad20
                                                                                                                                                                                                                                        • Instruction ID: bacf2ad25dd63ac0bcf31dc4f1bce444d7c47cc1dcd715286ee30ada10c625b4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d967699810e214aba411f50f78f46df7977191031baef2c71294a2eb3e6ad20
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7218176F28B4682EB10ABA5E85A36D63A1FF89BD4F444031DE4E47715DE3CE4058B01
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Tuple_$Item$BuildValue$Dealloc
                                                                                                                                                                                                                                        • String ID: (ii)
                                                                                                                                                                                                                                        • API String ID: 3753781149-4115259616
                                                                                                                                                                                                                                        • Opcode ID: b3d13d3f501743bb360580fe62f720b8139fdeb79a7d28346464c8d29d2226ac
                                                                                                                                                                                                                                        • Instruction ID: d541d3849ad9ed008c69d0f8e9134f8dcd72ff23ae47605289e55169566235cd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3d13d3f501743bb360580fe62f720b8139fdeb79a7d28346464c8d29d2226ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29016122F28785C6E7048F62E8451B973A1FB84FD9B484431EE5907B59DF3CE852C741
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureFromObject_ReleaseU_object@@
                                                                                                                                                                                                                                        • String ID: Load
                                                                                                                                                                                                                                        • API String ID: 4093839183-2234796835
                                                                                                                                                                                                                                        • Opcode ID: cd04774691088bb2c5a989e58d7f9fd3e7a29c4cb896ae34f0d85d1fa2dc603c
                                                                                                                                                                                                                                        • Instruction ID: e84c71d75f56e4117d7664c9b7b826654d66bebfca02b46b46a34cb0a7774c0e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd04774691088bb2c5a989e58d7f9fd3e7a29c4cb896ae34f0d85d1fa2dc603c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09013936B28B42C2EB008FA1F905269B3A0FB99BE4F484031DE5D43B28DF3CD5948701
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_ClipboardFlushParseRestoreSaveTuple
                                                                                                                                                                                                                                        • String ID: :OleFlushClipboard
                                                                                                                                                                                                                                        • API String ID: 994633628-2909607431
                                                                                                                                                                                                                                        • Opcode ID: 8ac89f65eaf2e0ae206c7b0a671e31e76a3444249749940ee003a74cb76f0990
                                                                                                                                                                                                                                        • Instruction ID: 15196441947cd555fd3164f49076aee15e48a14848c0a69a0f72f46cda299877
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ac89f65eaf2e0ae206c7b0a671e31e76a3444249749940ee003a74cb76f0990
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7012C35F68A4282EB18ABA6E84627923E1FF8DBD4F880435D95D87364DF3CF1458702
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$CallDeallocEnsureMethodObject_Release
                                                                                                                                                                                                                                        • String ID: _GetNameSpaceParent_
                                                                                                                                                                                                                                        • API String ID: 3715620727-2203319814
                                                                                                                                                                                                                                        • Opcode ID: c3534e490f02fa6dd5337582f2c666aa5afb906ba97738069805392142b9802e
                                                                                                                                                                                                                                        • Instruction ID: e2450400aea07c73cf3c7be5c0cdf08f9fea60f3197276e1b76f6ba5122ee65d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3534e490f02fa6dd5337582f2c666aa5afb906ba97738069805392142b9802e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79015A22F28B4282FB149BA2F85676863A0FF88BE4F045430DE1D47765EE3CE445C742
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureLongLong_Release
                                                                                                                                                                                                                                        • String ID: IsDirty
                                                                                                                                                                                                                                        • API String ID: 1519730240-535502831
                                                                                                                                                                                                                                        • Opcode ID: 3d0743fbe4dd6409113d59f2b052ac450f83edd4ca4a57ffbea1203645b1baaa
                                                                                                                                                                                                                                        • Instruction ID: fd311ed04a8335987be6878a44b6345c40ae7510886cc94bee2586603c67e438
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d0743fbe4dd6409113d59f2b052ac450f83edd4ca4a57ffbea1203645b1baaa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E011E33F28B5282E7409BA5E48566D63A4FB88BD8F552031DA5E43654CF3DD445C741
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureLongLong_Release
                                                                                                                                                                                                                                        • String ID: IsDirty
                                                                                                                                                                                                                                        • API String ID: 1519730240-535502831
                                                                                                                                                                                                                                        • Opcode ID: dd1ce7138e4cfb9051e4ec4dcb4a0202090ac9d52e892c1b945430719ffe178b
                                                                                                                                                                                                                                        • Instruction ID: 0a1abfd0064254f891e28bdbf5cbbfdc466570187017ff8ca0b7ee868931a253
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd1ce7138e4cfb9051e4ec4dcb4a0202090ac9d52e892c1b945430719ffe178b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4011E37F28B5282E7409BA5E48576963A4FF88BD8F551031DA5E43614CE3CD445C741
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureFromObject_R@@@ReleaseU_object@@
                                                                                                                                                                                                                                        • String ID: SetSize
                                                                                                                                                                                                                                        • API String ID: 3310634197-2911674618
                                                                                                                                                                                                                                        • Opcode ID: 971f2d20354e8fd7f6a4d8f5a64c3f52c16e03786dcf14da839b6040d7ca01c3
                                                                                                                                                                                                                                        • Instruction ID: 73bbf8bf9289ee5f18db8fb5e977efdff77bbebd8d4004bf3acd4e4d9ea48080
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 971f2d20354e8fd7f6a4d8f5a64c3f52c16e03786dcf14da839b6040d7ca01c3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4014836F28B6282EB009BA4E649228A3B4FB44BE4F404431DE5C43B58EF3CE555C701
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Arg_ClassObjectsParseRestoreResumeSaveTuple
                                                                                                                                                                                                                                        • String ID: :CoResumeClassObjects
                                                                                                                                                                                                                                        • API String ID: 579042037-995057619
                                                                                                                                                                                                                                        • Opcode ID: a1ae044dc858589a26809cdb6a8c1d4088e4bdbc98bbc36a9cb1891a349cb8a2
                                                                                                                                                                                                                                        • Instruction ID: ffafe8608341daabcfce0689b32d652e6c05ebc745ce6b80fdf3b274d31148ec
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1ae044dc858589a26809cdb6a8c1d4088e4bdbc98bbc36a9cb1891a349cb8a2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15012832F28A4282EA149F96E84626963E2FF89BD4F884135DA5D43324CE3CF1558702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long$Arg_Err_FromLong_ParseStringTupleUnsigned
                                                                                                                                                                                                                                        • String ID: argument must be 8 characters$s#:UL64
                                                                                                                                                                                                                                        • API String ID: 329311993-2289726216
                                                                                                                                                                                                                                        • Opcode ID: 7938910b0a3f077d94f59d9e33b7783c79098e877c911b53a34d434f53f042b9
                                                                                                                                                                                                                                        • Instruction ID: 4bfc89d5da24839caac1618acff9aabea72e4f2aebaa5a4ca60ade9e28c799c1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7938910b0a3f077d94f59d9e33b7783c79098e877c911b53a34d434f53f042b9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4F01221F29903C1EB04DBA5E88626923B1FF85BD9F940032DA1D46524CE3DE559C702
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromLongLong_Object_R@@@U_object@@$SizeTuple_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2536423618-0
                                                                                                                                                                                                                                        • Opcode ID: 83d707271d8bbeb4c37f74b4487810e791dd6995d1454972390dd8f4f5cdab5e
                                                                                                                                                                                                                                        • Instruction ID: 354799072bfd08cfe06cc3510b8d94cb63c5f49185a20b70792a530e0b68a188
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83d707271d8bbeb4c37f74b4487810e791dd6995d1454972390dd8f4f5cdab5e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4211A66F28A5285FA749F95E45237923A1FF98BE6F440432CE5E473A0DE2CF8059212
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FromLongLong_Object_R@@@U_object@@$SizeTuple_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2536423618-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 783668138-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                        • String ID: The Python object is invalid
                                                                                                                                                                                                                                        • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long$Arg_Bytes_FromLong_ParseSizeStringTupleUnsigned
                                                                                                                                                                                                                                        • String ID: O!:strUL64
                                                                                                                                                                                                                                        • API String ID: 3897942398-3999675700
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_LongLong_$FromObjectObject_SizeStringTuple_U_object@@memcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 765997161-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_LongLong_$FromObjectObject_SizeStringTuple_U_object@@memcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 765997161-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeallocErr_LongLong_$FromObjectObject_SizeStringTuple_U_object@@memcpy
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LongLong_$DeallocErr_FromObject_SizeStringTuple_U_object@@
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: LongLong_String$Bytes_DeallocErr_FromSizeTuple_
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Long_$Long$DeallocErr_FromSizeStringTuple_Void
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$DeallocEnsureMessagePostReleaseThread
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Dealloc$ConcatUnicode_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 973650400-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626143093.00007FF8E6A20000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626263035.00007FF8E6A7E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626325301.00007FF8E6AB1000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626371201.00007FF8E6ABC000.00000008.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626419666.00007FF8E6ABD000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2626467633.00007FF8E6AC6000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Global$Size$Bytes_FromLockStringUnlock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 911184104-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Global$AllocErr_MemorySizememcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1092170675-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: DUnadvise
                                                                                                                                                                                                                                        • API String ID: 715727267-1018835392
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Commit
                                                                                                                                                                                                                                        • API String ID: 715727267-1232612251
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Skip
                                                                                                                                                                                                                                        • API String ID: 715727267-1480915523
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Skip
                                                                                                                                                                                                                                        • API String ID: 715727267-1480915523
                                                                                                                                                                                                                                        • Opcode ID: 23a8da1d8b2f3b00a3b8504d90bc360abbef92d817d11d8ba64ddd25ffb291f9
                                                                                                                                                                                                                                        • Instruction ID: 9273060d0672e403c49574ff9bc49af3c8b55323140c32b4e07182dffbba8a84
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23a8da1d8b2f3b00a3b8504d90bc360abbef92d817d11d8ba64ddd25ffb291f9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4F03A36F24A6282EB008F69F408259A3A0FB88B94F444532DF5C83718DF3CD445CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Revert
                                                                                                                                                                                                                                        • API String ID: 715727267-3951012024
                                                                                                                                                                                                                                        • Opcode ID: 0c059b7f5a25823b82a075a3de6e9ed1c40efb00b4a1d2024a7ddf53db951d30
                                                                                                                                                                                                                                        • Instruction ID: d7e528438b0be166ac0f0719a8754f60651e61b81b825ee270bee8fa2da51d6c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c059b7f5a25823b82a075a3de6e9ed1c40efb00b4a1d2024a7ddf53db951d30
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E09223F2465282EB005BB9F499B1C63A0FB9CBC8F455030DE1947614DD3CD4488700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: IsDirty
                                                                                                                                                                                                                                        • API String ID: 715727267-535502831
                                                                                                                                                                                                                                        • Opcode ID: 8c3f088fd76946eb6851e874c7616a4dfcdb5d71400ce54d42518e4a758c38af
                                                                                                                                                                                                                                        • Instruction ID: 5efe80d99243c96e591607b19f1c8c6f9739eed6f0049f5c92007eb3a6bb97cc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3f088fd76946eb6851e874c7616a4dfcdb5d71400ce54d42518e4a758c38af
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DE09A23F24A4282EB009BB5F489A2C63A0FB8CBE4F856030DB1987614DE3CD8898700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Reset
                                                                                                                                                                                                                                        • API String ID: 715727267-2438762569
                                                                                                                                                                                                                                        • Opcode ID: 3faca6b4bd5b1f2735f0105c045a1eb13038efbeb16938a701c7526414eec165
                                                                                                                                                                                                                                        • Instruction ID: 7279207ec59db473e326f052c7d95c7b12746bc92044160876011922f0989c68
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3faca6b4bd5b1f2735f0105c045a1eb13038efbeb16938a701c7526414eec165
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53E09223F2465282EB005BB9F489B1C63A0FB9CBD4F455030DF1947614DD3CD4488700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Reset
                                                                                                                                                                                                                                        • API String ID: 715727267-2438762569
                                                                                                                                                                                                                                        • Opcode ID: 5cee90ab110b5e07b6c80498cc72ba4e2ac07fbdb28b4067ae0b2f62934e850e
                                                                                                                                                                                                                                        • Instruction ID: 7279207ec59db473e326f052c7d95c7b12746bc92044160876011922f0989c68
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cee90ab110b5e07b6c80498cc72ba4e2ac07fbdb28b4067ae0b2f62934e850e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53E09223F2465282EB005BB9F489B1C63A0FB9CBD4F455030DF1947614DD3CD4488700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Flush
                                                                                                                                                                                                                                        • API String ID: 715727267-1965063083
                                                                                                                                                                                                                                        • Opcode ID: cf7489b0eaff020e9fcffe4ee9769259bd0fd40b46cdb2390cc99efb6aef9740
                                                                                                                                                                                                                                        • Instruction ID: 00076777b7097d020a2007904255d65a3eec0b58d199897952dab36c6cfd6b29
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf7489b0eaff020e9fcffe4ee9769259bd0fd40b46cdb2390cc99efb6aef9740
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2E06D22F24A16C2EB009BB9F4496686360FB48B94F444031DE1947214DE3CD449C700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: Reset
                                                                                                                                                                                                                                        • API String ID: 715727267-2438762569
                                                                                                                                                                                                                                        • Opcode ID: d44d15d4b8bfa292cd50c8703d5194dc040c4334107febb975d7957cea8f9b22
                                                                                                                                                                                                                                        • Instruction ID: 7279207ec59db473e326f052c7d95c7b12746bc92044160876011922f0989c68
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d44d15d4b8bfa292cd50c8703d5194dc040c4334107febb975d7957cea8f9b22
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53E09223F2465282EB005BB9F489B1C63A0FB9CBD4F455030DF1947614DD3CD4488700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                        • String ID: HandsOffStorage
                                                                                                                                                                                                                                        • API String ID: 715727267-722837440
                                                                                                                                                                                                                                        • Opcode ID: 613ed996d0a544814b13cec0af9d3618824f7f3c8065a6c53501b073da32086e
                                                                                                                                                                                                                                        • Instruction ID: e08e3d2e77d01a019e6c05316892fd6ed9bb670c4d483b2fbc4b393a8b51a6ae
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 613ed996d0a544814b13cec0af9d3618824f7f3c8065a6c53501b073da32086e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6FE09A23F24A4282EB009BB5F489A2C63A0FB8CBE4F856030DB1987614DE3CD8898700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2626192871.00007FF8E6A21000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8E6A20000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff8e6a20000_user.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Arg_Bytes_FromParseSizeStringTuple
                                                                                                                                                                                                                                        • String ID: L:strL64
                                                                                                                                                                                                                                        • API String ID: 4252258149-2264511172
                                                                                                                                                                                                                                        • Opcode ID: 8e23a64006ad3b0771e25865773678a12317a5b2e98ed9c61afcfdade862c04a
                                                                                                                                                                                                                                        • Instruction ID: 714a1ec6a1431816d02085647b7228fd398a7a030daf667ff2a51edc476b93c1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e23a64006ad3b0771e25865773678a12317a5b2e98ed9c61afcfdade862c04a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2D05E10F29443C2FA449BA1EC823A933A1FF85795FD44432CA1D86554DE2CEA9AC741