Windows Analysis Report
LEmcGUQfA7.exe

Overview

General Information

Sample name: LEmcGUQfA7.exe (renamed because original name is a hash value)
Original sample name: 36c21ad5cdbe18051c6b3024919db784.exe
Analysis ID: 1585288
MD5: 36c21ad5cdbe18051c6b3024919db784
SHA1: 4b01afb660b7bb77278f5cea5f7e07c62e8022fc
SHA256: 7630174961b715a64d919c822234ffec4289a4e7cbb5bef1464aa19106b59ead
Tags: exe, user-abuse_ch

Detection

Python Stealer, Creal Stealer
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected Creal Stealer
AI detected suspicious sample
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • LEmcGUQfA7.exe (PID: 7004 cmdline: "C:\Users\user\Desktop\LEmcGUQfA7.exe" MD5: 36C21AD5CDBE18051C6B3024919DB784)
    • LEmcGUQfA7.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\LEmcGUQfA7.exe" MD5: 36C21AD5CDBE18051C6B3024919DB784)
      • cmd.exe (PID: 7108 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7156 cmdline: C:\Windows\system32\cmd.exe /c pip install requests MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CrealStealer | Yara detected Creal Stealer | Joe Security | |
| Process Memory Space: LEmcGUQfA7.exe PID: 7088 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security | |
| Process Memory Space: LEmcGUQfA7.exe PID: 7088 | JoeSecurity_CrealStealer | Yara detected Creal Stealer | Joe Security | |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: LEmcGUQfA7.exe, Avira: detected
Source: https://discord.gift/, Avira URL Cloud: Label: malware
Source: https://handler-phi.vercel.app/1.txtxt, Avira URL Cloud: Label: malware
Source: LEmcGUQfA7.exe, ReversingLabs: Detection: 55%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.2% probability
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CC0D20 CRYPTO_free,CRYPTO_strndup,2_2_00007FFE75CC0D20
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81078 CRYPTO_free,2_2_00007FFE75C81078
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8ECD0 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,2_2_00007FFE75C8ECD0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CACCE0 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,d2i_X509,X509_get0_pubkey,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,2_2_00007FFE75CACCE0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81479 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,2_2_00007FFE75C81479
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8189D CRYPTO_malloc,ERR_put_error,2_2_00007FFE75C8189D
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CCAC80 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,2_2_00007FFE75CCAC80
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CCCCB0 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,2_2_00007FFE75CCCCB0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8163B CRYPTO_free,CRYPTO_malloc,2_2_00007FFE75C8163B
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81DC0 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFE75C81DC0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8115E OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFE75C8115E
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C82388 CRYPTO_malloc,2_2_00007FFE75C82388
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CE0F80 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,CRYPTO_memcmp,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,2_2_00007FFE75CE0F80
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8177B EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key,EVP_sha256,EVP_DigestSignInit,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,_time64,EVP_MD_CTX_free,EVP_PKEY_free,EVP_MD_CTX_free,EVP_PKEY_free,2_2_00007FFE75C8177B
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C96F48 CRYPTO_free,CRYPTO_strdup,2_2_00007FFE75C96F48
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81410 CRYPTO_malloc,ERR_put_error,BIO_snprintf,2_2_00007FFE75C81410
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81FD2 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFE75C81FD2
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8AEB0 CRYPTO_free,2_2_00007FFE75C8AEB0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C824FA CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFE75C824FA
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81802 CRYPTO_strdup,2_2_00007FFE75C81802
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CCAE50 CRYPTO_malloc,EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FFE75CCAE50
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81BE0 EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup,2_2_00007FFE75C81BE0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C96E79 CRYPTO_free,CRYPTO_strdup,2_2_00007FFE75C96E79
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81E29 CRYPTO_malloc,2_2_00007FFE75C81E29
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C82469 CRYPTO_malloc,memcpy,2_2_00007FFE75C82469
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C9CA00 OPENSSL_sk_num,X509_STORE_CTX_new,ERR_put_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_put_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_put_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,2_2_00007FFE75C9CA00
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CACA30 CRYPTO_free,CRYPTO_free,2_2_00007FFE75CACA30
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81393 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free,2_2_00007FFE75C81393
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C88990 CRYPTO_free,2_2_00007FFE75C88990
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81D61 CRYPTO_clear_free,2_2_00007FFE75C81D61
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C815C8 EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FFE75C815C8
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C8132A CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,2_2_00007FFE75C8132A
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CAC890 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,2_2_00007FFE75CAC890
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CE0880 EVP_PKEY_get0_RSA,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free,2_2_00007FFE75CE0880
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C82153 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFE75C82153
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81FBE CRYPTO_free,2_2_00007FFE75C81FBE
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CB4B90 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,2_2_00007FFE75CB4B90
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CE8BA0 CRYPTO_free,CRYPTO_malloc,ERR_put_error,2_2_00007FFE75CE8BA0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CB8B60 CRYPTO_zalloc,CRYPTO_free,2_2_00007FFE75CB8B60
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81DA2 CRYPTO_THREAD_run_once,2_2_00007FFE75C81DA2
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81B81 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFE75C81B81
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CC0B30 CRYPTO_free,CRYPTO_memdup,2_2_00007FFE75CC0B30
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CACB20 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,2_2_00007FFE75CACB20
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75C81F37 CRYPTO_free,CRYPTO_malloc,RAND_bytes,2_2_00007FFE75C81F37
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CC8A97 CRYPTO_malloc,2_2_00007FFE75CC8A97
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75CD2A80 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,2_2_00007FFE75CD2A80
        Source: LEmcGUQfA7.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346172333.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346650273.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2337189401.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2333985188.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339689440.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336888430.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341484859.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2344679452.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339689440.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346788375.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2345861061.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339144104.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341814581.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340903729.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339144104.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2344327291.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346279390.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2338253784.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336971459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340148748.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2344679452.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340148748.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336724452.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2347044637.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2337048988.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340067888.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2341639570.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2341372772.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346511322.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2343393174.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2341814581.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336807424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2333856645.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336971459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340356860.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2493850862.00007FFE75C70000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2337048988.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE75F7E000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346788375.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2343393174.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2344327291.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2347044637.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2338253784.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2492810553.00007FFE759C2000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2341484859.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341372772.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340067888.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340356860.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2337189401.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE75F7E000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336807424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346384467.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2342770813.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346279390.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339542052.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339280367.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340700676.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346931590.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340226158.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336888430.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339379459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346172333.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339542052.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339984931.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346384467.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2347126991.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340523048.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341639570.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340700676.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336724452.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2337821975.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346511322.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339379459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2347126991.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2477280334.000001908B080000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339984931.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340903729.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339280367.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346650273.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340226158.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340523048.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2345861061.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE76000000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346931590.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2342770813.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 0_2_00007FF6EB6E83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6EB6E83B0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 0_2_00007FF6EB6E92F0 FindFirstFileExW,FindClose,0_2_00007FF6EB6E92F0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 0_2_00007FF6EB7018E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6EB7018E4
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FF6EB6E92F0 FindFirstFileExW,FindClose,2_2_00007FF6EB6E92F0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FF6EB6E83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6EB6E83B0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FF6EB7018E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6EB7018E4
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeCode function: 2_2_00007FFE75D33229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFE75D33229
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic DNS traffic detected: DNS query: handler-phi.vercel.app
        Source: LEmcGUQfA7.exe, 00000002.00000002.2489348454.000001908D2B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449764117.000001908C6FE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
        Source: LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449764117.000001908C6FE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esC
        Source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334786656.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334629758.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336362424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336503688.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334786656.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334629758.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336362424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336503688.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCDF000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334786656.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334629758.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336362424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336503688.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCDF000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334786656.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334629758.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336362424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336503688.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: LEmcGUQfA7.exe, 00000002.00000002.2480627474.000001908BA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2465485460.000001908C60B000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2463382933.000001908C63B000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
        Source: LEmcGUQfA7.exe, 00000002.00000003.2471844792.000001908C7FB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454844675.000001908C7E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470758804.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2485903753.000001908CB24000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454477933.000001908C7E0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464762467.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450910165.000001908C7D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
        Source: LEmcGUQfA7.exe, 00000002.00000002.2490942445.000001908D664000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2490310798.000001908D59C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
        Source: LEmcGUQfA7.exe, 00000002.00000003.2461599975.000001908CAF0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2463526267.000001908CB08000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446342715.000001908CAD8000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461354426.000001908CAE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
        Source: LEmcGUQfA7.exe, 00000002.00000002.2489348454.000001908D2B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
        Source: LEmcGUQfA7.exe, 00000002.00000003.2450019226.000001908C815000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461561337.000001908C820000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446303005.000001908C815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449764117.000001908C6FE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
        Source: LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
        Source: LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
        Source: LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htmB
        Source: LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
        Source: LEmcGUQfA7.exe, 00000002.00000002.2480627474.000001908BA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450044250.000001908C9B7000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464095398.000001908C6F0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2455732641.000001908C6EB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450542630.000001908C6EB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452768026.000001908C9C0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
        Source: LEmcGUQfA7.exe, 00000002.00000003.2371171380.000001908B572000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2376038670.000001908BB90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2370961993.000001908BBA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
        Source: LEmcGUQfA7.exe, 00000002.00000003.2466396934.000001908B725000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446372598.000001908BEB6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448478846.000001908B6CB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448020435.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448234954.000001908B6BD000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462302480.000001908BEC0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451559382.000001908B721000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446661715.000001908B68B000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2474365033.000001908BEC0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451335287.000001908B6F4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447213222.000001908BEB6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452564171.000001908BEBF000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2479991996.000001908B746000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2468558797.000001908B726000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464149826.000001908B725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
        Source: LEmcGUQfA7.exe, 00000002.00000002.2490310798.000001908D500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)
        Source: LEmcGUQfA7.exe, 00000002.00000003.2450394292.000001908CA67000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2453509400.000001908CA67000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2469982867.000001908CA93000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2485217458.000001908CA94000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2467043177.000001908CA90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2469458006.000001908CA91000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464263924.000001908CA78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)F
        Source: LEmcGUQfA7.exe, 00000000.00000003.2335336142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334786656.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336088142.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334629758.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336362424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336179643.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336503688.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000000.00000003.2334058285.000001866DCD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2447624186.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450804243.000001908C9D2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2469191181.000001908BCEE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450963845.000001908C9E3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450044250.000001908C9B7000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461680787.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451797760.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451382683.000001908C9E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446724570.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2481754721.000001908BCF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
        Source: LEmcGUQfA7.exe, 00000002.00000003.2376038670.000001908BB90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2370961993.000001908BBA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
        Source: LEmcGUQfA7.exe, 00000002.00000003.2371171380.000001908B572000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2376038670.000001908BB90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2370961993.000001908BBA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2463382933.000001908C63B000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2483421111.000001908C640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
        Source: LEmcGUQfA7.exe, 00000002.00000002.2482139300.000001908BED0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2469696002.000001908BECE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446372598.000001908BEB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
        Source: LEmcGUQfA7.exe, 00000002.00000003.2450019226.000001908C815000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461561337.000001908C820000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446303005.000001908C815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450992501.000001908C642000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470702936.000001908C645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
        Source: LEmcGUQfA7.exe, 00000002.00000003.2467721513.000001908C79A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://binance.com)
        Source: LEmcGUQfA7.exe, 00000002.00000003.2381001689.000001908BD02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.or
        Source: LEmcGUQfA7.exe, 00000002.00000002.2478278745.000001908B562000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2367120212.000001908B5F5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451957218.000001908B561000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2367010418.000001908B69A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue42195.
        Source: LEmcGUQfA7.exe, 00000002.00000002.2482637694.000001908C180000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2482852796.000001908C380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/users/
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v6/guilds/
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
        Source: LEmcGUQfA7.exe, 00000002.00000003.2454844675.000001908C7E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470758804.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484156172.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454477933.000001908C7E0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464762467.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450910165.000001908C7D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN
        Source: LEmcGUQfA7.exe, 00000002.00000003.2454095436.000001908B4B1000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454424011.000001908B4BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448183464.000001908B48D000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448290907.000001908B497000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451183054.000001908B4AF000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449036019.000001908B4AE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2377868256.000001908B4B3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461645458.000001908B4CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
        Source: LEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2483454492.000001908C64D000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450992501.000001908C642000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470702936.000001908C645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
        Source: LEmcGUQfA7.exe, 00000002.00000002.2495683254.00007FFE76076000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://www.openssl.org/H
        Source: LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461032560.000001908C7AD000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
        Source: LEmcGUQfA7.exe, 00000002.00000003.2475670925.000001908C868000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2385038990.000001908C831000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2385417361.000001908C806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
        Source: LEmcGUQfA7.exe, 00000002.00000002.2477157467.000001908AF70000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2361745598.000001908B4DA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2362017858.000001908B4EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
        Source: LEmcGUQfA7.exe, 00000002.00000003.2450992501.000001908C688000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C688000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451665766.000001908C688000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449077386.000001908C688000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2466915565.000001908C68D000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
        Source: LEmcGUQfA7.exe, 00000002.00000003.2450804243.000001908C9D2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484457846.000001908C9D6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450044250.000001908C9B7000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470370400.000001908C9D6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452768026.000001908C9D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
        Source: LEmcGUQfA7.exe, 00000002.00000003.2468637616.000001908B582000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451957218.000001908B561000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
        Source: LEmcGUQfA7.exe, 00000002.00000003.2455065361.000001908C5E4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2471790222.000001908C7D5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445827060.000001908C5D8000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450910165.000001908C7D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
        Source: unknown, Network traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49712
        Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: python3.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
        Source: LEmcGUQfA7.exe Binary or memory string: OriginalFilename vs LEmcGUQfA7.exe
        Source: LEmcGUQfA7.exe, 00000002.00000002.2492987086.00007FFE759C4000.00000002.00000001.01000000.00000031.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs LEmcGUQfA7.exe
        Source: LEmcGUQfA7.exe, 00000002.00000002.2477280334.000001908B080000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs LEmcGUQfA7.exe
        Source: LEmcGUQfA7.exe, 00000002.00000002.2495683254.00007FFE76076000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs LEmcGUQfA7.exe
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs LEmcGUQfA7.exe
        Source: LEmcGUQfA7.exe, 00000002.00000002.2494530151.00007FFE75C75000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs LEmcGUQfA7.exe
        Source: classification engine Classification label: mal80.troj.winEXE@9/134@1/1
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7116:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042
        Source: LEmcGUQfA7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT action_url, username_value, password_value FROM logins;
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: LEmcGUQfA7.exe, LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: LEmcGUQfA7.exe, 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: LEmcGUQfA7.exe ReversingLabs: Detection: 55%
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File read: C:\Users\user\Desktop\LEmcGUQfA7.exe
        Source: unknown Process created: C:\Users\user\Desktop\LEmcGUQfA7.exe "C:\Users\user\Desktop\LEmcGUQfA7.exe"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Users\user\Desktop\LEmcGUQfA7.exe "C:\Users\user\Desktop\LEmcGUQfA7.exe"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c pip install requests
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Users\user\Desktop\LEmcGUQfA7.exe "C:\Users\user\Desktop\LEmcGUQfA7.exe"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c pip install requests
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: libffi-8.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: vcruntime140_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: secur32.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: libcrypto-1_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: libssl-1_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: sqlite3.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Section loaded: wintypes.dll
        Source: LEmcGUQfA7.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: LEmcGUQfA7.exe Static file information: File size 21805582 > 1048576
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: LEmcGUQfA7.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: LEmcGUQfA7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE75F7E000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346788375.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2343393174.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2344327291.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2347044637.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2338253784.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336642751.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2492810553.00007FFE759C2000.00000002.00000001.01000000.00000031.sdmp
        Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2341484859.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341372772.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2334350588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2335200067.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340067888.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340356860.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2337189401.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE75F7E000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2336807424.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346384467.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2342770813.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346279390.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339542052.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2334960400.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339280367.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340700676.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346931590.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340226158.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336888430.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339379459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346172333.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339542052.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339984931.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346384467.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2347126991.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: LEmcGUQfA7.exe, 00000000.00000003.2335072353.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340523048.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2341639570.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2340700676.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2336724452.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2337821975.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346511322.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339379459.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2347126991.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2477280334.000001908B080000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2339984931.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340903729.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2339280367.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2346650273.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340226158.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2340523048.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2345861061.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: LEmcGUQfA7.exe, 00000002.00000002.2495394111.00007FFE76000000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: LEmcGUQfA7.exe, 00000000.00000003.2346931590.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: LEmcGUQfA7.exe, 00000000.00000003.2342770813.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp
        Source: LEmcGUQfA7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: LEmcGUQfA7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: LEmcGUQfA7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: LEmcGUQfA7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: LEmcGUQfA7.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: 0x9CBDF732 [Thu May 1 06:54:42 2053 UTC]
        Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
        Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
        Source: python311.dll.0.dr Static PE information: section name: PyRuntim
        Source: mfc140u.dll.0.dr Static PE information: section name: .didat
        Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-console-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-multibyte-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\libcrypto-1_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve25519.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cbc.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_chacha20.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_socket.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-process-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA256.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_portable.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-conio-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-interlocked-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\pyexpat.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-time-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-timezone-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\VCRUNTIME140_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-errorhandling-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-memory-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-environment-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_sqlite3.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve448.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cfb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_ssl.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2b.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\mfc140u.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-localization-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ecb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32\pythoncom311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_overlapped.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed25519.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-profile-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\libffi-8.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\VCRUNTIME140.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_RIPEMD160.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processthreads-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-sysinfo-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_hashlib.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_ctypes.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-heap-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-filesystem-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Math\_modexp.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-stdio-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD4.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\select.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ec_ws.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-debug-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-namedpipe-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32\pywintypes311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_asyncio.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-rtlsupport-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_ARC4.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-locale-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-heap-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ofb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_strxor.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-handle-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\win32api.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\python311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA224.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA1.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-synch-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD5.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-datetime-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_cpuid_c.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\sqlite3.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_clmul.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_keccak.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed448.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\win32ui.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-string-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\charset_normalizer\md.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_lzma.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_queue.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-utility-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\win32com\shell\shell.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aesni.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_pkcs1_decode.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-string-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aes.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ocb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\_win32sysloader.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\win32trace.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_eksblowfish.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-math-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-synch-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA512.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\ucrtbase.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_decimal.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_poly1305.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\unicodedata.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA384.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_uuid.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\libssl-1_1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_blowfish.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ctr.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-util-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2s.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cast.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-convert-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l2-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processthreads-l1-1-1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_arc2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\python3.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_multiprocessing.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\cryptography\hazmat\bindings\_rust.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_bz2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\_cffi_backend.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-libraryloader-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processenvironment-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_Salsa20.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des3.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Protocol\_scrypt.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe File created: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-runtime-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6E5820 GetProcAddress,GetLastError (this pair of calls repeats for the whole of the listed call sequence), 0_2_00007FF6EB6E5820
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-console-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-multibyte-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve25519.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cbc.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_chacha20.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_socket.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA256.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-process-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-conio-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_portable.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-interlocked-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\pyexpat.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-time-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-timezone-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-errorhandling-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-memory-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-environment-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_sqlite3.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve448.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cfb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_ssl.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2b.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\mfc140u.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-localization-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ecb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_overlapped.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32\pythoncom311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed25519.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-profile-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_RIPEMD160.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processthreads-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-sysinfo-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_hashlib.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_ctypes.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-heap-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-filesystem-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Math\_modexp.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD4.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-stdio-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\select.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ec_ws.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-namedpipe-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-debug-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32\pywintypes311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-rtlsupport-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_asyncio.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_ARC4.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-locale-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-heap-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ofb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_strxor.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-handle-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\win32api.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\python311.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA224.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA1.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-synch-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD5.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-datetime-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_cpuid_c.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed448.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_clmul.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_keccak.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\win32ui.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-string-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\charset_normalizer\md.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_lzma.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_queue.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-utility-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\win32com\shell\shell.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aesni.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_pkcs1_decode.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-string-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aes.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ocb.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\_win32sysloader.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\win32\win32trace.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_eksblowfish.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-math-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-synch-l1-2-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA512.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_decimal.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_poly1305.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\unicodedata.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_uuid.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA384.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_blowfish.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-util-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ctr.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2s.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-convert-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cast.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l2-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processthreads-l1-1-1.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_arc2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\python3.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_multiprocessing.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_cffi_backend.cp311-win_amd64.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\_bz2.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\cryptography\hazmat\bindings\_rust.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-libraryloader-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processenvironment-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_Salsa20.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des3.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Protocol\_scrypt.pyd
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-runtime-l1-1-0.dll
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17340
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe API coverage: 2.0 %
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6E83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6EB6E83B0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6E92F0 FindFirstFileExW,FindClose,0_2_00007FF6EB6E92F0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB7018E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6EB7018E4
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6E92F0 FindFirstFileExW,FindClose,2_2_00007FF6EB6E92F0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6E83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6EB6E83B0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB7018E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6EB7018E4
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE75D33229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFE75D33229
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE759FF8D0 GetSystemInfo,2_2_00007FFE759FF8D0
        Source: LEmcGUQfA7.exe, 00000000.00000003.2348570588.000001866DCD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
        Source: LEmcGUQfA7.exe, 00000002.00000003.2378282510.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2369302507.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2377658211.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448629940.000001908B6A8000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448020435.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2382741485.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2373586639.000001908B68E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2475452281.000001908B6B5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446661715.000001908B68B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWrj
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6ED19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6EB6ED19C
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB7034F0 GetProcessHeap,0_2_00007FF6EB7034F0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6ED37C SetUnhandledExceptionFilter,0_2_00007FF6EB6ED37C
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6EC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6EB6EC910
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6FA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6EB6FA684
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6ED37C SetUnhandledExceptionFilter,2_2_00007FF6EB6ED37C
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6ED19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6EB6ED19C
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6EC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6EB6EC910
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FF6EB6FA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6EB6FA684
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE759C1A30 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE759C1A30
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE759C1460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE759C1460
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE75B18000 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE75B18000
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE75B63028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE75B63028
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE75B62A60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE75B62A60
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 2_2_00007FFE75C82009 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE75C82009
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Users\user\Desktop\LEmcGUQfA7.exe "C:\Users\user\Desktop\LEmcGUQfA7.exe"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c pip install requests
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB7095E0 cpuid 0_2_00007FF6EB7095E0
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\certifi VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\charset_normalizer VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\cryptography-44.0.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\cryptography-44.0.0.dist-info\licenses VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32 VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\setuptools-65.5.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\win32 VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\ucrtbase.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\_ctypes.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\_lzma.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-console-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-debug-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-file-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-handle-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-memory-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-processenvironment-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-string-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-synch-l1-2-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-timezone-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-heap-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-crt-math-l1-1-0.dll VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\_socket.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\select.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\pywin32_system32 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exeQueries volume information: C:\Users\user\Desktop\LEmcGUQfA7.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\win32 VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\pyexpat.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\_queue.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\win32com VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70042\_asyncio.pyd VolumeInformation
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB6ED080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6EB6ED080
        Source: C:\Users\user\Desktop\LEmcGUQfA7.exe Code function: 0_2_00007FF6EB705C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6EB705C70

        Stealing of Sensitive Information

        Source: Yara match. File source: 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: LEmcGUQfA7.exe PID: 7088, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match. File source: 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: LEmcGUQfA7.exe PID: 7088, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        [Behavior graph, ID 1585288: sample LEmcGUQfA7.exe, start date 07/01/2025, architecture WINDOWS, score 80. Signatures shown: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 3 other signatures. LEmcGUQfA7.exe dropped C:\Users\user\AppData\Local\...\shell.pyd, C:\Users\user\AppData\...\win32trace.pyd and C:\Users\user\AppData\Local\...\win32api.pyd (PE32+) and 115 other files (none is malicious), then started a second LEmcGUQfA7.exe process, which contacted handler-phi.vercel.app (216.198.79.129, port 443) and started two cmd.exe processes, each with a conhost.exe child.]

        Source | Detection | Scanner | Label | Link
        LEmcGUQfA7.exe | 55% | ReversingLabs | Win64.Trojan.CrealStealer |
        LEmcGUQfA7.exe | 100% | Avira | OSX/GM.ReverseShe.TH |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Math\_modexp.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve25519.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_curve448.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Util\_strxor.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\mfc140u.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\Pythonwin\win32ui.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\VCRUNTIME140.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_asyncio.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_bz2.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_cffi_backend.cp311-win_amd64.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_ctypes.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_decimal.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_hashlib.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_lzma.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_multiprocessing.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_overlapped.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_queue.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_socket.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_sqlite3.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_ssl.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\_uuid.pyd | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\_MEI70042\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://xbox.com) | 0% | Avira URL Cloud | safe |
        https://coinbase.com) | 0% | Avira URL Cloud | safe |
        https://tiktok.com) | 0% | Avira URL Cloud | safe |
        https://discord.com) | 0% | Avira URL Cloud | safe |
        https://riotgames.com) | 0% | Avira URL Cloud | safe |
        https://paypal.com) | 0% | Avira URL Cloud | safe |
        https://peps.K | 0% | Avira URL Cloud | safe |
        https://discord.gift/ | 100% | Avira URL Cloud | malware |
        http://www.dabeaz.com/ply)F | 0% | Avira URL Cloud | safe |
        https://stake.com) | 0% | Avira URL Cloud | safe |
        https://youtube.com) | 0% | Avira URL Cloud | safe |
        https://amazon.com) | 0% | Avira URL Cloud | safe |
        https://crunchyroll.com) | 0% | Avira URL Cloud | safe |
        https://ebay.com) | 0% | Avira URL Cloud | safe |
        https://disney.com) | 0% | Avira URL Cloud | safe |
        https://playstation.com) | 0% | Avira URL Cloud | safe |
        https://sellix.io) | 0% | Avira URL Cloud | safe |
        https://bugs.python.or | 0% | Avira URL Cloud | safe |
        https://hbo.c | 0% | Avira URL Cloud | safe |
        https://handler-phi.vercel.app/1.txtxt | 100% | Avira URL Cloud | malware |
        https://twitch.com) | 0% | Avira URL Cloud | safe |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        handler-phi.vercel.app | 216.198.79.129 | true | false | | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | LEmcGUQfA7.exe | false | | high
        http://www.dabeaz.com/ply)F | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        http://www.dabeaz.com/ply) | LEmcGUQfA7.exe | false | | high
        https://discord.gift/ | LEmcGUQfA7.exe | false | Avira URL Cloud: malware | unknown
        http://aka.ms/vcpython27 | LEmcGUQfA7.exe | false | | high
        https://github.com/mhammond/pywin32 | LEmcGUQfA7.exe | false | | high
        https://coinbase.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://stake.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://tiktok.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://github.com/urllib3/urllib3/issues/3290li.pyw | LEmcGUQfA7.exe | false | | high
        http://docs.python.org/library/unittest.html | LEmcGUQfA7.exe | false | | high
        https://discord.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | LEmcGUQfA7.exe | false | | high
        https://tools.ietf.org/html/rfc2388#section-4.4 | LEmcGUQfA7.exe | false | | high
        https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | LEmcGUQfA7.exe | false | | high
        https://paypal.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://github.com/pypa/packaging | LEmcGUQfA7.exe | false | | high
        https://riotgames.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://peps.K | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://refspecs.linuxfoundation.org/elf/gabi4 | LEmcGUQfA7.exe | false | | high
        http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations | LEmcGUQfA7.exe | false | | high
        https://discord.com/api/v9/users/ | LEmcGUQfA7.exe | false | | high
        https://xbox.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | LEmcGUQfA7.exe | false | | high
        https://youtube.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        http://docs.python.org/3/library/subprocess#subprocess.Popen.kill | LEmcGUQfA7.exe | false | | high
        https://tools.ietf.org/html/rfc3610 | LEmcGUQfA7.exe | false | | high
        https://peps.python.org/pep-0205/ | LEmcGUQfA7.exe | false | | high
        http://crl.dhimyotis.com/certignarootca.crl | LEmcGUQfA7.exe | false | | high
        http://curl.haxx.se/rfc/cookie_spec.html | LEmcGUQfA7.exe | false | | high
        http://ocsp.accv.es | LEmcGUQfA7.exe | false | | high
        http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode | LEmcGUQfA7.exe | false | | high
        http://www.accv.es/legislacion_c.htmB | LEmcGUQfA7.exe | false | | high
        http://json.org | LEmcGUQfA7.exe | false | | high
        https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename | LEmcGUQfA7.exe | false | | high
        https://github.com/urllib3/urllib3/issues/2920pn | LEmcGUQfA7.exe | false | | high
        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy | LEmcGUQfA7.exe | false | | high
        https://docs.python.org/3/library/pprint.html | LEmcGUQfA7.exe | false | | high
        https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | LEmcGUQfA7.exe | false | | high
        https://httpbin.org/get | LEmcGUQfA7.exe | false | | high
        https://amazon.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://crunchyroll.com) | LEmcGUQfA7.exe | false | Avira URL Cloud: safe | unknown
        https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access | LEmcGUQfA7.exe | false | | high
        https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code | LEmcGUQfA7.exe | false | | high
        https://wwww.certigna.fr/autorites/0m | LEmcGUQfA7.exe | false | | high
        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | LEmcGUQfA7.exe | false | | high
                                                                            https://raw.githubusercontent.com/Ayhuuu/injection/main/index.jsLEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://ebay.com)LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://httpbin.org/LEmcGUQfA7.exe, 00000002.00000003.2463610879.000001908B594000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://wwww.certigna.fr/autorites/LEmcGUQfA7.exe, 00000002.00000003.2450804243.000001908C9D2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484457846.000001908C9D6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450044250.000001908C9B7000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470370400.000001908C9D6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452768026.000001908C9D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://bugs.python.orLEmcGUQfA7.exe, 00000002.00000003.2381001689.000001908BD02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlLEmcGUQfA7.exe, 00000002.00000003.2371171380.000001908B572000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2376038670.000001908BB90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2370961993.000001908BBA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleLEmcGUQfA7.exe, 00000002.00000002.2477405295.000001908B260000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2360516683.000001908B461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesLEmcGUQfA7.exe, 00000002.00000002.2477157467.000001908AF70000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2360516683.000001908B461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://playstation.com)LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535LEmcGUQfA7.exe, 00000002.00000003.2470813585.000001908C7B2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484088452.000001908C7B6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461032560.000001908C7B2000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454999315.000001908C7B1000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syLEmcGUQfA7.exe, 00000002.00000003.2362644343.000001908978D000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452388506.0000019089775000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454973619.0000019089784000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2467912697.0000019089794000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449134729.000001908975E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451712799.0000019089769000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2477104682.0000019089797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449301786.0000019089768000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2363289211.0000019089786000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2362964753.0000019089775000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2360516683.000001908B461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://sellix.io)LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://disney.com)LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://docs.python.org/3/library/re.htmlLEmcGUQfA7.exe, 00000002.00000003.2380898988.000001908BED9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451797760.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446724570.000001908BCE5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447050684.000001908BD45000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://github.com/pypa/setuptools/issues/417#issuecomment-392298401LEmcGUQfA7.exe, 00000002.00000002.2480295337.000001908B960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://github.com/ActiveState/appdirsLEmcGUQfA7.exe, 00000002.00000002.2480627474.000001908BA60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://wiki.debian.org/XDGBaseDirectorySpecification#stateLEmcGUQfA7.exe, 00000002.00000003.2454095436.000001908B4B1000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454424011.000001908B4BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448183464.000001908B48D000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448290907.000001908B497000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451183054.000001908B4AF000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449036019.000001908B4AE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2377868256.000001908B4B3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461645458.000001908B4CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://crl.securetrust.com/STCA.crlLEmcGUQfA7.exe, 00000002.00000003.2445877715.000001908C602000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C5E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446489563.000001908C611000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2448109564.000001908C631000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://hbo.cLEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://wwwsearch.sf.net/):LEmcGUQfA7.exe, 00000002.00000003.2467721513.000001908C79A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449764117.000001908C6FE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.accv.es/legislacion_c.htmLEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tools.ietf.org/html/rfc6125#section-6.4.3LEmcGUQfA7.exe, 00000002.00000002.2489348454.000001908D2B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://discord.com/api/v6/guilds/LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://crl.xrampsecurity.com/XGCA.crl0LEmcGUQfA7.exe, 00000002.00000003.2454927780.000001908C7C3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2467616680.000001908C7C4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2474754482.000001908C7CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://handler-phi.vercel.app/1.txtxtLEmcGUQfA7.exe, 00000002.00000002.2491582636.000001908D7F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: malware
                                                                                                                  unknown
                                                                                                                  https://bugs.python.org/issue44497.LEmcGUQfA7.exe, 00000002.00000002.2482637694.000001908C180000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2482852796.000001908C380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.cert.fnmt.es/dpcs/LEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450044250.000001908C9B7000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464095398.000001908C6F0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2455732641.000001908C6EB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450542630.000001908C6EB000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452768026.000001908C9C0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447948360.000001908C6E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://google.com/mailLEmcGUQfA7.exe, 00000002.00000003.2455065361.000001908C5E4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2471790222.000001908C7D5000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445827060.000001908C5D8000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450910165.000001908C7D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://packaging.python.org/specifications/entry-points/LEmcGUQfA7.exe, 00000002.00000002.2482637694.000001908C180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/jaraco/jaraco.functools/issues/5LEmcGUQfA7.exe, 00000002.00000002.2482348060.000001908BF60000.00000004.00001000.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2482963076.000001908C480000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.accv.es00LEmcGUQfA7.exe, 00000002.00000003.2461833476.000001908BBC6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2462116336.000001908BBCC000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449189434.000001908BBA4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454450969.000001908BBBA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyLEmcGUQfA7.exe, 00000002.00000003.2360516683.000001908B461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmLEmcGUQfA7.exe, 00000002.00000003.2371171380.000001908B572000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2376038670.000001908BB90000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2370961993.000001908BBA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.rfc-editor.org/info/rfc7253LEmcGUQfA7.exe, 00000002.00000003.2450019226.000001908C815000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461561337.000001908C820000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446303005.000001908C815000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://twitch.com)LEmcGUQfA7.exe, 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://bugs.python.org/issue23606)LEmcGUQfA7.exe, 00000002.00000002.2489741558.000001908D450000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdfLEmcGUQfA7.exe, 00000002.00000003.2445681741.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454927780.000001908C7C3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2483644806.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2471153370.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2474902026.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2467616680.000001908C7C4000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470516358.000001908C6BE000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://foss.heptapod.net/pypy/pypy/-/issues/3539LEmcGUQfA7.exe, 00000002.00000002.2488227407.000001908D080000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.LEmcGUQfA7.exe, 00000002.00000003.2464125412.000001908C79F000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484054518.000001908C7A3000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454338182.000001908C798000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452033267.000001908C797000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451614314.000001908C77A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://google.com/LEmcGUQfA7.exe, 00000002.00000003.2445523435.000001908BDF6000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446372598.000001908BE1E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2452288562.000001908BE4E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447300568.000001908BE2E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2447357344.000001908BE41000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454844675.000001908C7E9000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454798426.000001908BE5E000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2470758804.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2461925051.000001908BE5F000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000002.2484156172.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2446011901.000001908BE0F000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2453458237.000001908BE4F000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2454477933.000001908C7E0000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451769855.000001908BE48000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2464762467.000001908C7EA000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2450910165.000001908C7D1000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2467837479.000001908BE66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://mahler:8092/site-updates.pyLEmcGUQfA7.exe, 00000002.00000003.2385038990.000001908C831000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2449551899.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2445333718.000001908C854000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2451222829.000001908C866000.00000004.00000020.00020000.00000000.sdmp, LEmcGUQfA7.exe, 00000002.00000003.2385417361.000001908C806000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://crl.securetrust.com/SGCA.crlLEmcGUQfA7.exe, 00000002.00000003.2447832472.000001908C61A000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
216.198.79.129 | handler-phi.vercel.app | United States | 11696 | NBS11696US | false
                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                        Analysis ID:1585288
                                                                                                                                                                        Start date and time:2025-01-07 13:18:08 +01:00
                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                        Overall analysis duration:0h 8m 43s
                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                        Report type:full
                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                        Technologies:
                                                                                                                                                                        • HCA enabled
                                                                                                                                                                        • EGA enabled
                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                        Sample name:LEmcGUQfA7.exe
                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                        Original Sample Name:36c21ad5cdbe18051c6b3024919db784.exe
                                                                                                                                                                        Detection:MAL
                                                                                                                                                                        Classification:mal80.troj.winEXE@9/134@1/1
                                                                                                                                                                        EGA Information:
                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                        HCA Information:
                                                                                                                                                                        • Successful, ratio: 81%
                                                                                                                                                                        • Number of executed functions: 90
                                                                                                                                                                        • Number of non-executed functions: 188
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 52.149.20.212
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                        • VT rate limit hit for: LEmcGUQfA7.exe
                                                                                                                                                                        No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
216.198.79.129 | https://rebrand.ly/3d446f | malicious | HTMLPhisher
216.198.79.129 | https://telegra.ph/Clarkson-122025-01-02 | malicious | Unknown
                                                                                                                                                                            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
NBS11696US | https://rebrand.ly/3d446f | malicious | HTMLPhisher | 216.198.79.129
NBS11696US | armv4l.elf | malicious | Unknown | 216.86.38.235
NBS11696US | https://telegra.ph/Clarkson-122025-01-02 | malicious | Unknown | 216.198.79.129
NBS11696US | https://telegra.ph/Clarkson-122025-01-02 | malicious | Unknown | 216.198.79.193
NBS11696US | arm7.elf | malicious | Unknown | 64.190.141.22
NBS11696US | htkeUc1zJ0.exe | malicious | Unknown | 64.190.63.136
NBS11696US | https://www.cadbury.com@nmlr.xyz/christmas-hamper | malicious | Unknown | 64.190.63.222
NBS11696US | 1iC0WTxgUf.exe | malicious | Unknown | 64.190.63.136
NBS11696US | 236236236.elf | malicious | Unknown | 64.190.63.222
NBS11696US | https://t.co/eSJUUrWOcO | malicious | HTMLPhisher | 216.198.79.1
                                                                                                                                                                            No context
Match: C:\Users\user\AppData\Local\Temp\_MEI70042\Crypto\Cipher\_ARC4.pyd
Associated Sample Name / URL | Detection | Threat Name
3LcZO15oTC.exe | malicious | Unknown
3LcZO15oTC.exe | malicious | Unknown
main.exe | malicious | Discord Token Stealer
file.exe | malicious | Unknown
file.exe | malicious | Python Stealer
DChOtFdp9T.exe | malicious | CobaltStrike, Metasploit
3OQL58yflv.exe | malicious | Metasploit
7zip.exe | malicious | Unknown
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
main.exe | malicious | Unknown
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11264
                                                                                                                                                                                                Entropy (8bit):4.640339306680604
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: DChOtFdp9T.exe, Detection: malicious
• Filename: 3OQL58yflv.exe, Detection: malicious
• Filename: 7zip.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                Entropy (8bit):5.037456384995606
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.09191874780435
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                Entropy (8bit):6.541423493519083
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                Entropy (8bit):5.367749645917753
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                Entropy (8bit):5.41148259289073
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20992
                                                                                                                                                                                                Entropy (8bit):6.041302713678401
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):24576
                                                                                                                                                                                                Entropy (8bit):6.530656045206549
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                Entropy (8bit):5.159963979391524
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                Entropy (8bit):5.270418334522813
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):56832
                                                                                                                                                                                                Entropy (8bit):4.231032526864278
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57344
                                                                                                                                                                                                Entropy (8bit):4.252429732285762
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.690163963718492
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                Entropy (8bit):5.293810509074883
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11776
                                                                                                                                                                                                Entropy (8bit):4.862619033406922
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.227045547076371
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.176369829782773
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.047563322651927
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.09893680790018
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                Entropy (8bit):5.451865349855574
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.104245335186531
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                Entropy (8bit):5.671305741258107
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21504
                                                                                                                                                                                                Entropy (8bit):5.878701941774916
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21504
                                                                                                                                                                                                Entropy (8bit):5.881781476285865
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26624
                                                                                                                                                                                                Entropy (8bit):5.837887867708438
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26624
                                                                                                                                                                                                Entropy (8bit):5.895310340516013
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                Entropy (8bit):4.967737129255606
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                Entropy (8bit):5.007867576025166
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                Entropy (8bit):5.226023387740053
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                Entropy (8bit):5.262055670423592
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                Entropy (8bit):5.913843738203007
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                Entropy (8bit):4.735350805948923
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22528
                                                                                                                                                                                                Entropy (8bit):5.705606408072877
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70656
                                                                                                                                                                                                Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):770560
                                                                                                                                                                                                Entropy (8bit):7.613224993327352
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26112
                                                                                                                                                                                                Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):84992
                                                                                                                                                                                                Entropy (8bit):6.064677498000638
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.675380950473425
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.625428549874022
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5653536
                                                                                                                                                                                                Entropy (8bit):6.729079283804055
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1143296
                                                                                                                                                                                                Entropy (8bit):6.0410832425584795
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
                                                                                                                                                                                                MD5:F0116137D0674482247D056642DC06BF
                                                                                                                                                                                                SHA1:5BB63FCF5E569D94B61383D1921F758BCC48EF81
                                                                                                                                                                                                SHA-256:8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
                                                                                                                                                                                                SHA-512:A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):98736
                                                                                                                                                                                                Entropy (8bit):6.474996871326343
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):38304
                                                                                                                                                                                                Entropy (8bit):6.3923853431578035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
                                                                                                                                                                                                MD5:75E78E4BF561031D39F86143753400FF
                                                                                                                                                                                                SHA1:324C2A99E39F8992459495182677E91656A05206
                                                                                                                                                                                                SHA-256:1758085A61527B427C4380F0C976D29A8BEE889F2AC480C356A3F166433BF70E
                                                                                                                                                                                                SHA-512:CE4DAF46BCE44A89D21308C63E2DE8B757A23BE2630360209C4A25EB13F1F66A04FBB0A124761A33BBF34496F2F2A02B8DF159B4B62F1B6241E1DBFB0E5D9756
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):63864
                                                                                                                                                                                                Entropy (8bit):6.138931224373156
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:PQ/9uukni8rAr1QxZIbmQhID5ntG7SytPxE:IVuHe5QxZIbmQhID5nYHxE
                                                                                                                                                                                                MD5:2859C39887921DAD2FF41FEDA44FE174
                                                                                                                                                                                                SHA1:FAE62FAF96223CE7A3E6F7389A9B14B890C24789
                                                                                                                                                                                                SHA-256:AEBC378DB08617EA81A0A3A3BC044BCC7E6303E314630392DD51BAB12F879BD9
                                                                                                                                                                                                SHA-512:790BE0C95C81EB6D410E53FE8018E2CA5EFD1838DC60539EBB011911C36C8478333EE95989CFD1DDAF4F892B537AE8305EB4CD893906930DEAE59C8965CF2FBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):83328
                                                                                                                                                                                                Entropy (8bit):6.532254531979707
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:douLz7p5Tcayt0KpkKWVa5cNRT8+smUxJIDtVH7SyD8Px:2uLz9meVamQ+sLxJIDtVHVsx
                                                                                                                                                                                                MD5:4101128E19134A4733028CFAAFC2F3BB
                                                                                                                                                                                                SHA1:66C18B0406201C3CFBBA6E239AB9EE3DBB3BE07D
                                                                                                                                                                                                SHA-256:5843872D5E2B08F138A71FE9BA94813AFEE59C8B48166D4A8EB0F606107A7E80
                                                                                                                                                                                                SHA-512:4F2FC415026D7FD71C5018BC2FFDF37A5B835A417B9E5017261849E36D65375715BAE148CE8F9649F9D807A63AC09D0FB270E4ABAE83DFA371D129953A5422CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):178176
                                                                                                                                                                                                Entropy (8bit):6.165902427203749
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:87aw5iwiVHprp0+/aSdXUONX9dAXS7qkSTLkKh23/qZl:87kBVHplaSdRj4LkSTLLhW/q
                                                                                                                                                                                                MD5:739D352BD982ED3957D376A9237C9248
                                                                                                                                                                                                SHA1:961CF42F0C1BB9D29D2F1985F68250DE9D83894D
                                                                                                                                                                                                SHA-256:9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
                                                                                                                                                                                                SHA-512:585A5143519ED9B38BB53F912CEA60C87F7CE8BA159A1011CF666F390C2E3CC149E0AC601B008E039A0A78EAF876D7A3F64FFF612F5DE04C822C6E214BC2EFDE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):123768
                                                                                                                                                                                                Entropy (8bit):6.017133084000375
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:QC7Pgg3AwEWwSQJKoPfLSHcn0YJwyncXf9IDQPj6Exv:Qz5IX8jPfLSMJwykfoy
                                                                                                                                                                                                MD5:6A9CA97C039D9BBB7ABF40B53C851198
                                                                                                                                                                                                SHA1:01BCBD134A76CCD4F3BADB5F4056ABEDCFF60734
                                                                                                                                                                                                SHA-256:E662D2B35BB48C5F3432BDE79C0D20313238AF800968BA0FAA6EA7E7E5EF4535
                                                                                                                                                                                                SHA-512:DEDF7F98AFC0A94A248F12E4C4CA01B412DA45B926DA3F9C4CBC1D2CBB98C8899F43F5884B1BF1F0B941EDAEEF65612EA17438E67745962FF13761300910960D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):251768
                                                                                                                                                                                                Entropy (8bit):6.543870948107038
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:3JhhPXoWcz5HvcQpq9Sr9pmHboiYE9qWM53pLW1AmXYWtmVS9G:fNXoWcznq9Sr9pyKFh6eS9G
                                                                                                                                                                                                MD5:D47E6ACF09EAD5774D5B471AB3AB96FF
                                                                                                                                                                                                SHA1:64CE9B5D5F07395935DF95D4A0F06760319224A2
                                                                                                                                                                                                SHA-256:D0DF57988A74ACD50B2D261E8B5F2C25DA7B940EC2AAFBEE444C277552421E6E
                                                                                                                                                                                                SHA-512:52E132CE94F21FA253FED4CF1F67E8D4423D8C30224F961296EE9F64E2C9F4F7064D4C8405CD3BB67D3CF880FE4C21AB202FA8CF677E3B4DAD1BE6929DBDA4E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):63872
                                                                                                                                                                                                Entropy (8bit):6.166853300594844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:18njpHxGkYjEEEJkn8cw6ThID5IJt7SyiPx:GnjpHxRJ8w6ThID5IJtEx
                                                                                                                                                                                                MD5:DE4D104EA13B70C093B07219D2EFF6CB
                                                                                                                                                                                                SHA1:83DAF591C049F977879E5114C5FEA9BBBFA0AD7B
                                                                                                                                                                                                SHA-256:39BC615842A176DB72D4E0558F3CDCAE23AB0623AD132F815D21DCFBFD4B110E
                                                                                                                                                                                                SHA-512:567F703C2E45F13C6107D767597DBA762DC5CAA86024C87E7B28DF2D6C77CD06D3F1F97EED45E6EF127D5346679FEA89AC4DC2C453CE366B6233C0FA68D82692
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):158080
                                                                                                                                                                                                Entropy (8bit):6.835761878596918
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:5mGf4k8d79MwyHiRr7tznf49mNoaGjQJplJIDe10Yhx:5Pf4FhMwyMAYOao6P
                                                                                                                                                                                                MD5:337B0E65A856568778E25660F77BC80A
                                                                                                                                                                                                SHA1:4D9E921FEAEE5FA70181EBA99054FFA7B6C9BB3F
                                                                                                                                                                                                SHA-256:613DE58E4A9A80EFF8F8BC45C350A6EAEBF89F85FFD2D7E3B0B266BF0888A60A
                                                                                                                                                                                                SHA-512:19E6DA02D9D25CCEF06C843B9F429E6B598667270631FEBE99A0D12FC12D5DA4FB242973A8351D3BF169F60D2E17FE821AD692038C793CE69DFB66A42211398E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33144
                                                                                                                                                                                                Entropy (8bit):6.322628273839125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:7HI6RwgJ5xeTjOc88hnJ8RIDRtFBYiSyvg7PxWEwm:rIoJ5UTjOc88hJ8RIDRtFB7SyI7Px7
                                                                                                                                                                                                MD5:1386DBC6DCC5E0BE6FEF05722AE572EC
                                                                                                                                                                                                SHA1:470F2715FAFD5CAFA79E8F3B0A5434A6DA78A1BA
                                                                                                                                                                                                SHA-256:0AE3BF383FF998886F97576C55D6BF0A076C24395CF6FCD2265316E9A6E8C007
                                                                                                                                                                                                SHA-512:CA6E5C33273F460C951CB8EC1D74CE61C0025E2EAD6D517C18A6B0365341A0FD334E8976006CD62B72EB5620CCC42CFDD5196E8B10691B8F19F69F851A440293
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):49536
                                                                                                                                                                                                Entropy (8bit):6.366550718884209
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:elMCtmIWpU6xgIiXgtloX1JuB65VIDst2YiSyvYPxWEwW:elMFxgIIJu45VIDst27SywPx
                                                                                                                                                                                                MD5:01AD7CA8BC27F92355FD2895FC474157
                                                                                                                                                                                                SHA1:15948CD5A601907FF773D0B48E493ADF0D38A1A6
                                                                                                                                                                                                SHA-256:A083E83F609ED7A2FC18A95D44D8F91C9DC74842F33E19E91988E84DB94C3B5B
                                                                                                                                                                                                SHA-512:8FE6AC8430F8DDE45C74F45575365753042642DC9FA9DEFBCF25AE1832BAF6ABB1EA1AD6D087E4ECE5D0590E36CEE1BEEA99845AEF6182C1EEC4BAFDF9557604
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):31104
                                                                                                                                                                                                Entropy (8bit):6.35436407327013
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:cQuCvO+MZFryl9SDCg6rXv5mkWsnTBq9ID7UJIYiSy1pCQYIPxh8E9VF0Nyb9:cl+yFp6rXRmk5s9ID7UeYiSyv7PxWER
                                                                                                                                                                                                MD5:FF8300999335C939FCCE94F2E7F039C0
                                                                                                                                                                                                SHA1:4FF3A7A9D9CA005B5659B55D8CD064D2EB708B1A
                                                                                                                                                                                                SHA-256:2F71046891BA279B00B70EB031FE90B379DBE84559CF49CE5D1297EA6BF47A78
                                                                                                                                                                                                SHA-512:F29B1FD6F52130D69C8BD21A72A71841BF67D54B216FEBCD4E526E81B499B9B48831BB7CDFF0BFF6878AAB542CA05D6326B8A293F2FB4DD95058461C0FD14017
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):78200
                                                                                                                                                                                                Entropy (8bit):6.239347454910878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:HJlcAdpEVuju9/s+S+pJGQRivVia3i9IDQw17Sy+Px3sxi:H7ce+uju9/sT+pJGdvVp3i9IDQw1kxZ
                                                                                                                                                                                                MD5:8140BDC5803A4893509F0E39B67158CE
                                                                                                                                                                                                SHA1:653CC1C82BA6240B0186623724AEC3287E9BC232
                                                                                                                                                                                                SHA-256:39715EF8D043354F0AB15F62878530A38518FB6192BC48DA6A098498E8D35769
                                                                                                                                                                                                SHA-512:D0878FEE92E555B15E9F01CE39CFDC3D6122B41CE00EC3A4A7F0F661619F83EC520DCA41E35A1E15650FB34AD238974FE8019577C42CA460DDE76E3891B0E826
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):118656
                                                                                                                                                                                                Entropy (8bit):6.2256831065058815
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:fArVnbGK9SGnh8u6rqMD6ciFCrl14zZvV9NdJRvdO5yt6sqM7VjEP/OsYpxtXr9T:YrVSK9SGnh8u6ESx5CVQP/yXZ
                                                                                                                                                                                                MD5:D4324D1E8DB7FCF220C5C541FECCE7E3
                                                                                                                                                                                                SHA1:1CAF5B23AE47F36D797BC6BDD5B75B2488903813
                                                                                                                                                                                                SHA-256:DDBED9D48B17C54FD3005F5A868DD63CB8F3EFE2C22C1821CEBB2FE72836E446
                                                                                                                                                                                                SHA-512:71D56D59E019CF42CEA88203D9C6E50F870CD5C4D5C46991ACBFF3AB9FF13F78D5DBF5D1C2112498FC7E279D41EE27DB279B74B4C08A60BB4098F9E8C296B5D8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):159616
                                                                                                                                                                                                Entropy (8bit):5.9948013841482926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:qFrIQQey4VWR98w/PQQcXo8uOVrGxn+SQOXLkd1ItS+Q8YuAfxJIDt75EHx:eEeRV29//4QcJuOynyvxX
                                                                                                                                                                                                MD5:069BCCC9F31F57616E88C92650589BDD
                                                                                                                                                                                                SHA1:050FC5CCD92AF4FBB3047BE40202D062F9958E57
                                                                                                                                                                                                SHA-256:CB42E8598E3FA53EEEBF63F2AF1730B9EC64614BDA276AB2CD1F1C196B3D7E32
                                                                                                                                                                                                SHA-512:0E5513FBE42987C658DBA13DA737C547FF0B8006AECF538C2F5CF731C54DE83E26889BE62E5C8A10D2C91D5ADA4D64015B640DAB13130039A5A8A5AB33A723DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):23936
                                                                                                                                                                                                Entropy (8bit):6.530276573558295
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:MPfwFpEW56TfQJIDew63IYiSy1pCQIJPxh8E9VF0NyYk:MPqpEbjQJIDew1YiSyvWPxWEW
                                                                                                                                                                                                MD5:9A4957BDC2A783ED4BA681CBA2C99C5C
                                                                                                                                                                                                SHA1:F73D33677F5C61DEB8A736E8DDE14E1924E0B0DC
                                                                                                                                                                                                SHA-256:F7F57807C15C21C5AA9818EDF3993D0B94AEF8AF5808E1AD86A98637FC499D44
                                                                                                                                                                                                SHA-512:027BDCB5B3E0CA911EE3C94C42DA7309EA381B4C8EC27CF9A04090FFF871DB3CF9B7B659FDBCFFF8887A058CB9B092B92D7D11F4F934A53BE81C29EF8895AC2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22112
                                                                                                                                                                                                Entropy (8bit):4.744270711412692
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:zFOhcWqhWpvWEXCVWQ4iWwklRxwVIX01k9z3AROVaz4ILS:zFlWqhWpk6R9zeU0J2
                                                                                                                                                                                                MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
                                                                                                                                                                                                SHA1:A312CFC6A7ED7BF1B786E5B3FD842A7EEB683452
                                                                                                                                                                                                SHA-256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
                                                                                                                                                                                                SHA-512:B74D9B12B69DB81A96FC5A001FD88C1E62EE8299BA435E242C5CB2CE446740ED3D8A623E1924C2BC07BFD9AEF7B2577C9EC8264E53E5BE625F4379119BAFCC27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.602255667966723
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NWqhWEWEXCVWQ4cRWvBQrVXC4dlgX01k9z3AUj7W6SxtR:NWqhWPlZVXC4deR9zVj7QR
                                                                                                                                                                                                MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
                                                                                                                                                                                                SHA1:5150E7EDD1293E29D2E4D6BB68067374B8A07CE6
                                                                                                                                                                                                SHA-256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
                                                                                                                                                                                                SHA-512:B0E02E1F19CFA7DE3693D4D63E404BDB9D15527AC85A6D492DB1128BB695BFFD11BEC33D32F317A7615CB9A820CD14F9F8B182469D65AF2430FFCDBAD4BD7000
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.606873381830854
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:T0WqhWnWEXCVWQ4mW5ocADB6ZX01k9z3AkprGvV:T0WqhW8VcTR9zJpr4V
                                                                                                                                                                                                MD5:33BBECE432F8DA57F17BF2E396EBAA58
                                                                                                                                                                                                SHA1:890DF2DDDFDF3EECCC698312D32407F3E2EC7EB1
                                                                                                                                                                                                SHA-256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
                                                                                                                                                                                                SHA-512:619B684E83546D97FC1D1BC7181AD09C083E880629726EE3AF138A9E4791A6DCF675A8DF65DC20EDBE6465B5F4EAC92A64265DF37E53A5F34F6BE93A5C2A7AE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.65169290018864
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qzmxD3T4qLWqhW2WJWadJCsVWQ4mW/xNVAv+cQ0GX01k9z3ARoanSwT44:qzQVWqhWTCsiNbZR9zQoUSwTJ
                                                                                                                                                                                                MD5:EB0978A9213E7F6FDD63B2967F02D999
                                                                                                                                                                                                SHA1:9833F4134F7AC4766991C918AECE900ACFBF969F
                                                                                                                                                                                                SHA-256:AB25A1FE836FC68BCB199F1FE565C27D26AF0C390A38DA158E0D8815EFE1103E
                                                                                                                                                                                                SHA-512:6F268148F959693EE213DB7D3DB136B8E3AD1F80267D8CBD7D5429C021ADACCC9C14424C09D527E181B9C9B5EA41765AFF568B9630E4EB83BFC532E56DFE5B63
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26216
                                                                                                                                                                                                Entropy (8bit):4.866487428274293
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:gaNYPvVX8rFTsCWqhWVWEXCVWQ4mWPJlBLrp0KBQfX01k9z3ALkBw:WPvVX8WqhWiyBRxB+R9z2kBw
                                                                                                                                                                                                MD5:EFAD0EE0136532E8E8402770A64C71F9
                                                                                                                                                                                                SHA1:CDA3774FE9781400792D8605869F4E6B08153E55
                                                                                                                                                                                                SHA-256:3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
                                                                                                                                                                                                SHA-512:69D25EDF0F4C8AC5D77CB5815DFB53EAC7F403DC8D11BFE336A545C19A19FFDE1031FA59019507D119E4570DA0D79B95351EAC697F46024B4E558A0FF6349852
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.619913450163593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iDGaWqhWhWJWadJCsVWQ4mWd9afKUSIX01k9z3AEXzAU9:i6aWqhWACs92IR9z5EU9
                                                                                                                                                                                                MD5:1C58526D681EFE507DEB8F1935C75487
                                                                                                                                                                                                SHA1:0E6D328FAF3563F2AAE029BC5F2272FB7A742672
                                                                                                                                                                                                SHA-256:EF13DCE8F71173315DFC64AB839B033AB19A968EE15230E9D4D2C9D558EFEEE2
                                                                                                                                                                                                SHA-512:8EDB9A0022F417648E2ECE9E22C96E2727976332025C3E7D8F15BCF6D7D97E680D1BF008EB28E2E0BD57787DCBB71D38B2DEB995B8EDC35FA6852AB1D593F3D1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18696
                                                                                                                                                                                                Entropy (8bit):7.054510010549814
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                                                                                                MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                                                                                                SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                                                                                                SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                                                                                                SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.625331165566263
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qzWqhWxWJWadJCsVWQ4mW8RJLNVAv+cQ0GX01k9z3ARo8ef3uBJu:qzWqhWwCsjNbZR9zQoEzu
                                                                                                                                                                                                MD5:E89CDCD4D95CDA04E4ABBA8193A5B492
                                                                                                                                                                                                SHA1:5C0AEE81F32D7F9EC9F0650239EE58880C9B0337
                                                                                                                                                                                                SHA-256:1A489E0606484BD71A0D9CB37A1DC6CA8437777B3D67BFC8C0075D0CC59E6238
                                                                                                                                                                                                SHA-512:55D01E68C8C899E99A3C62C2C36D6BCB1A66FF6ECD2636D2D0157409A1F53A84CE5D6F0C703D5ED47F8E9E2D1C9D2D87CC52585EE624A23D92183062C999B97E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.737397647066978
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OdxlZWqhWcWJWadJCsVWQ4mWlhtFyttuX01k9z3A2oD:OdxlZWqhWpCsctkSR9zfoD
                                                                                                                                                                                                MD5:ACCC640D1B06FB8552FE02F823126FF5
                                                                                                                                                                                                SHA1:82CCC763D62660BFA8B8A09E566120D469F6AB67
                                                                                                                                                                                                SHA-256:332BA469AE84AA72EC8CCE2B33781DB1AB81A42ECE5863F7A3CB5A990059594F
                                                                                                                                                                                                SHA-512:6382302FB7158FC9F2BE790811E5C459C5C441F8CAEE63DF1E09B203B8077A27E023C4C01957B252AC8AC288F8310BCEE5B4DCC1F7FC691458B90CDFAA36DCBE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.6569647133331316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dwWqhWWWEXCVWQ4mWLnySfKUSIX01k9z3AEXz5SLaDa3:iWqhWJhY2IR9z5YLt3
                                                                                                                                                                                                MD5:C6024CC04201312F7688A021D25B056D
                                                                                                                                                                                                SHA1:48A1D01AE8BC90F889FB5F09C0D2A0602EE4B0FD
                                                                                                                                                                                                SHA-256:8751D30DF554AF08EF42D2FAA0A71ABCF8C7D17CE9E9FF2EA68A4662603EC500
                                                                                                                                                                                                SHA-512:D86C773416B332945ACBB95CBE90E16730EF8E16B7F3CCD459D7131485760C2F07E95951AEB47C1CF29DE76AFFEB1C21BDF6D8260845E32205FE8411ED5EFA47
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.882042129450427
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:9TvuBL3BBLAWqhWUWEXCVWQ4iWgdCLVx6RMySX01k9z3AzaXQ+BB:9TvuBL3BaWqhW/WSMR9zqaP
                                                                                                                                                                                                MD5:1F2A00E72BC8FA2BD887BDB651ED6DE5
                                                                                                                                                                                                SHA1:04D92E41CE002251CC09C297CF2B38C4263709EA
                                                                                                                                                                                                SHA-256:9C8A08A7D40B6F697A21054770F1AFA9FFB197F90EF1EEE77C67751DF28B7142
                                                                                                                                                                                                SHA-512:8CF72DF019F9FC9CD22FF77C37A563652BECEE0708FF5C6F1DA87317F41037909E64DCBDCC43E890C5777E6BCFA4035A27AFC1AEEB0F5DEBA878E3E9AEF7B02A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):5.355894399765837
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0naOMw3zdp3bwjGzue9/0jCRrndbnWqhW5lFydVXC4deR9zVj7xR:FOMwBprwjGzue9/0jCRrndbtGydVXC4O
                                                                                                                                                                                                MD5:724223109E49CB01D61D63A8BE926B8F
                                                                                                                                                                                                SHA1:072A4D01E01DBBAB7281D9BD3ADD76F9A3C8B23B
                                                                                                                                                                                                SHA-256:4E975F618DF01A492AE433DFF0DD713774D47568E44C377CEEF9E5B34AAD1210
                                                                                                                                                                                                SHA-512:19B0065B894DC66C30A602C9464F118E7F84D83010E74457D48E93AACA4422812B093B15247B24D5C398B42EF0319108700543D13F156067B169CCFB4D7B6B7C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.771309314175772
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:L0WqhWTWEXCVWQ4cRWdmjKDUX01k9z3AQyMX/7kn:L0WqhWol1pR9zzDY
                                                                                                                                                                                                MD5:3C38AAC78B7CE7F94F4916372800E242
                                                                                                                                                                                                SHA1:C793186BCF8FDB55A1B74568102B4E073F6971D6
                                                                                                                                                                                                SHA-256:3F81A149BA3862776AF307D5C7FEEF978F258196F0A1BF909DA2D3F440FF954D
                                                                                                                                                                                                SHA-512:C2746AA4342C6AFFFBD174819440E1BBF4371A7FED29738801C75B49E2F4F94FD6D013E002BAD2AADAFBC477171B8332C8C5579D624684EF1AFBFDE9384B8588
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.7115212149950185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bWqhWUxWJWadJCsVWQ4mW5iFyttuX01k9z3A2EC:bWqhWUwCs8SR9zfEC
                                                                                                                                                                                                MD5:321A3CA50E80795018D55A19BF799197
                                                                                                                                                                                                SHA1:DF2D3C95FB4CBB298D255D342F204121D9D7EF7F
                                                                                                                                                                                                SHA-256:5476DB3A4FECF532F96D48F9802C966FDEF98EC8D89978A79540CB4DB352C15F
                                                                                                                                                                                                SHA-512:3EC20E1AC39A98CB5F726D8390C2EE3CD4CD0BF118FDDA7271F7604A4946D78778713B675D19DD3E1EC1D6D4D097ABE9CD6D0F76B3A7DFF53CE8D6DBC146870A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.893761152454321
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dEFP2WqhWVWEXCVWQ4mW68vx6RMySX01k9z3AzapOP:eF+WqhWi6gMR9zqa0
                                                                                                                                                                                                MD5:0462E22F779295446CD0B63E61142CA5
                                                                                                                                                                                                SHA1:616A325CD5B0971821571B880907CE1B181126AE
                                                                                                                                                                                                SHA-256:0B6B598EC28A9E3D646F2BB37E1A57A3DDA069A55FBA86333727719585B1886E
                                                                                                                                                                                                SHA-512:07B34DCA6B3078F7D1E8EDE5C639F697C71210DCF9F05212FD16EB181AB4AC62286BC4A7CE0D84832C17F5916D0224D1E8AAB210CEEFF811FC6724C8845A74FE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):5.231196901820079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:/Mck1JzX9cKSI0WqhWsWJWadJCsVWQ4mWClLeyttuX01k9z3A2XCJq:Uck1JzNcKSI0WqhWZCsvfSR9zfyk
                                                                                                                                                                                                MD5:C3632083B312C184CBDD96551FED5519
                                                                                                                                                                                                SHA1:A93E8E0AF42A144009727D2DECB337F963A9312E
                                                                                                                                                                                                SHA-256:BE8D78978D81555554786E08CE474F6AF1DE96FCB7FA2F1CE4052BC80C6B2125
                                                                                                                                                                                                SHA-512:8807C2444A044A3C02EF98CF56013285F07C4A1F7014200A21E20FCB995178BA835C30AC3889311E66BC61641D6226B1FF96331B019C83B6FCC7C87870CCE8C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.799245167892134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:R0DfIeUWqhWLWJWadJCsVWQ4mWFVyttuX01k9z3A2YHmp:R0DfIeUWqhWiCsLSR9zfYHmp
                                                                                                                                                                                                MD5:517EB9E2CB671AE49F99173D7F7CE43F
                                                                                                                                                                                                SHA1:4CCF38FED56166DDBF0B7EFB4F5314C1F7D3B7AB
                                                                                                                                                                                                SHA-256:57CC66BF0909C430364D35D92B64EB8B6A15DC201765403725FE323F39E8AC54
                                                                                                                                                                                                SHA-512:492BE2445B10F6BFE6C561C1FC6F5D1AF6D1365B7449BC57A8F073B44AE49C88E66841F5C258B041547FCD33CBDCB4EB9DD3E24F0924DB32720E51651E9286BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.587063911311469
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:fWqhWeWJWadJCsVWQ4mWMs7DENNVAv+cQ0GX01k9z3ARoIGA/:fWqhWbCs8oNbZR9zQoxS
                                                                                                                                                                                                MD5:F3FF2D544F5CD9E66BFB8D170B661673
                                                                                                                                                                                                SHA1:9E18107CFCD89F1BBB7FDAF65234C1DC8E614ADD
                                                                                                                                                                                                SHA-256:E1C5D8984A674925FA4AFBFE58228BE5323FE5123ABCD17EC4160295875A625F
                                                                                                                                                                                                SHA-512:184B09C77D079127580EF80EB34BDED0F5E874CEFBE1C5F851D86861E38967B995D859E8491FCC87508930DC06C6BBF02B649B3B489A1B138C51A7D4B4E7AAAD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.754374422741657
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CGeVPWqhWUWJWadJCsVWQ4mWUhSqyttuX01k9z3A2lqn7cq:CGeVPWqhWBCsvoSR9zflBq
                                                                                                                                                                                                MD5:A0C2DBE0F5E18D1ADD0D1BA22580893B
                                                                                                                                                                                                SHA1:29624DF37151905467A223486500ED75617A1DFD
                                                                                                                                                                                                SHA-256:3C29730DF2B28985A30D9C82092A1FAA0CEB7FFC1BD857D1EF6324CF5524802F
                                                                                                                                                                                                SHA-512:3E627F111196009380D1687E024E6FFB1C0DCF4DCB27F8940F17FEC7EFDD8152FF365B43CB7FDB31DE300955D6C15E40A2C8FB6650A91706D7EA1C5D89319B12
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.664553499673792
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:mZyMvr5WqhWAWJWadJCsVWQ4mWWqpNVAv+cQ0GX01k9z3ARo+GZ:mZyMvlWqhWNCsUpNbZR9zQo+GZ
                                                                                                                                                                                                MD5:2666581584BA60D48716420A6080ABDA
                                                                                                                                                                                                SHA1:C103F0EA32EBBC50F4C494BCE7595F2B721CB5AD
                                                                                                                                                                                                SHA-256:27E9D3E7C8756E4512932D674A738BF4C2969F834D65B2B79C342A22F662F328
                                                                                                                                                                                                SHA-512:BEFED15F11A0550D2859094CC15526B791DADEA12C2E7CEB35916983FB7A100D89D638FB1704975464302FAE1E1A37F36E01E4BEF5BC4924AB8F3FD41E60BD0C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):5.146069394118203
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vUwidv3V0dfpkXc0vVaCsWqhWjCsa2IR9z5Bk5l:sHdv3VqpkXc0vVaP+U9zzk5l
                                                                                                                                                                                                MD5:225D9F80F669CE452CA35E47AF94893F
                                                                                                                                                                                                SHA1:37BD0FFC8E820247BD4DB1C36C3B9F9F686BBD50
                                                                                                                                                                                                SHA-256:61C0EBE60CE6EBABCB927DDFF837A9BF17E14CD4B4C762AB709E630576EC7232
                                                                                                                                                                                                SHA-512:2F71A3471A9868F4D026C01E4258AFF7192872590F5E5C66AABD3C088644D28629BA8835F3A4A23825631004B1AFD440EFE7161BB9FC7D7C69E0EE204813CA7B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.834520503429805
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:etZ3xWqhWqWJWadJCsVWQ4mWfH/fKUSIX01k9z3AEXz40OY:etZ3xWqhWHCsMH2IR9z5OY
                                                                                                                                                                                                MD5:1281E9D1750431D2FE3B480A8175D45C
                                                                                                                                                                                                SHA1:BC982D1C750B88DCB4410739E057A86FF02D07EF
                                                                                                                                                                                                SHA-256:433BD8DDC4F79AEE65CA94A54286D75E7D92B019853A883E51C2B938D2469BAA
                                                                                                                                                                                                SHA-512:A954E6CE76F1375A8BEAC51D751B575BBC0B0B8BA6AA793402B26404E45718165199C2C00CCBCBA3783C16BDD96F0B2C17ADDCC619C39C8031BECEBEF428CE77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.916367637528538
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qaIMFSYWqhWzWJWadJCsVWQ4mW14LyttuX01k9z3A2ClV:qdYWqhWqCsISR9zfCT
                                                                                                                                                                                                MD5:FD46C3F6361E79B8616F56B22D935A53
                                                                                                                                                                                                SHA1:107F488AD966633579D8EC5EB1919541F07532CE
                                                                                                                                                                                                SHA-256:0DC92E8830BC84337DCAE19EF03A84EF5279CF7D4FDC2442C1BC25320369F9DF
                                                                                                                                                                                                SHA-512:3360B2E2A25D545CCD969F305C4668C6CDA443BBDBD8A8356FFE9FBC2F70D90CF4540F2F28C9ED3EEA6C9074F94E69746E7705E6254827E6A4F158A75D81065B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.829681745003914
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:HNpWqhW5WJWadJCsVWQ4mWbZyttuX01k9z3A2qkFU:HXWqhW4Cs1SR9zf9U
                                                                                                                                                                                                MD5:D12403EE11359259BA2B0706E5E5111C
                                                                                                                                                                                                SHA1:03CC7827A30FD1DEE38665C0CC993B4B533AC138
                                                                                                                                                                                                SHA-256:F60E1751A6AC41F08E46480BF8E6521B41E2E427803996B32BDC5E78E9560781
                                                                                                                                                                                                SHA-512:9004F4E59835AF57F02E8D9625814DB56F0E4A98467041DA6F1367EF32366AD96E0338D48FFF7CC65839A24148E2D9989883BCDDC329D9F4D27CAE3F843117D0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.612408827336625
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CWqhW+WJWadJCsVWQ4mWprgfKUSIX01k9z3AEXzh:CWqhW7Cs12IR9z5F
                                                                                                                                                                                                MD5:0F129611A4F1E7752F3671C9AA6EA736
                                                                                                                                                                                                SHA1:40C07A94045B17DAE8A02C1D2B49301FAD231152
                                                                                                                                                                                                SHA-256:2E1F090ABA941B9D2D503E4CD735C958DF7BB68F1E9BDC3F47692E1571AAAC2F
                                                                                                                                                                                                SHA-512:6ABC0F4878BB302713755A188F662C6FE162EA6267E5E1C497C9BA9FDDBDAEA4DB050E322CB1C77D6638ECF1DAD940B9EBC92C43ACAA594040EE58D313CBCFAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.918215004381039
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OvMWqhWkWJWadJCsVWQ4mWoz/HyttuX01k9z3A21O:JWqhWxCs/SSR9zf1O
                                                                                                                                                                                                MD5:D4FBA5A92D68916EC17104E09D1D9D12
                                                                                                                                                                                                SHA1:247DBC625B72FFB0BF546B17FB4DE10CAD38D495
                                                                                                                                                                                                SHA-256:93619259328A264287AEE7C5B88F7F0EE32425D7323CE5DC5A2EF4FE3BED90D5
                                                                                                                                                                                                SHA-512:D5A535F881C09F37E0ADF3B58D41E123F527D081A1EBECD9A927664582AE268341771728DC967C30908E502B49F6F853EEAEBB56580B947A629EDC6BCE2340D8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26216
                                                                                                                                                                                                Entropy (8bit):4.882777558752248
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:I9cy5WqhWKWEXCVWQ4mW1pbm6yttuX01k9z3A2jyM:Ry5WqhWdcbmLSR9zfjj
                                                                                                                                                                                                MD5:EDF71C5C232F5F6EF3849450F2100B54
                                                                                                                                                                                                SHA1:ED46DA7D59811B566DD438FA1D09C20F5DC493CE
                                                                                                                                                                                                SHA-256:B987AB40CDD950EBE7A9A9176B80B8FFFC005CCD370BB1CBBCAD078C1A506BDC
                                                                                                                                                                                                SHA-512:481A3C8DC5BEF793EE78CE85EC0F193E3E9F6CD57868B813965B312BD0FADEB5F4419707CD3004FBDB407652101D52E061EF84317E8BD458979443E9F8E4079A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.738587310329139
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TWqhWXWEXCVWQ4mWPXTNyttuX01k9z3A2dGxr:TWqhWMKASR9zfYxr
                                                                                                                                                                                                MD5:F9235935DD3BA2AA66D3AA3412ACCFBF
                                                                                                                                                                                                SHA1:281E548B526411BCB3813EB98462F48FFAF4B3EB
                                                                                                                                                                                                SHA-256:2F6BD6C235E044755D5707BD560A6AFC0BA712437530F76D11079D67C0CF3200
                                                                                                                                                                                                SHA-512:AD0C0A7891FB8328F6F0CF1DDC97523A317D727C15D15498AFA53C07610210D2610DB4BC9BD25958D47ADC1AF829AD4D7CF8AABCAB3625C783177CCDB7714246
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):5.202163846121633
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:2pUEpnWlC0i5CBWqhWXLeWEXCVWQ4iW+/x6RMySX01k9z3Aza8Az629:2ptnWm5CBWqhWtWMR9zqaH629
                                                                                                                                                                                                MD5:5107487B726BDCC7B9F7E4C2FF7F907C
                                                                                                                                                                                                SHA1:EBC46221D3C81A409FAB9815C4215AD5DA62449C
                                                                                                                                                                                                SHA-256:94A86E28E829276974E01F8A15787FDE6ED699C8B9DC26F16A51765C86C3EADE
                                                                                                                                                                                                SHA-512:A0009B80AD6A928580F2B476C1BDF4352B0611BB3A180418F2A42CFA7A03B9F0575ED75EC855D30B26E0CCA96A6DA8AFFB54862B6B9AFF33710D2F3129283FAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.866983142029453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.828044267819929
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30328
                                                                                                                                                                                                Entropy (8bit):5.14173409150951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30312
                                                                                                                                                                                                Entropy (8bit):4.96699982894665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):4.883012715268179
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26208
                                                                                                                                                                                                Entropy (8bit):5.023753175006074
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26232
                                                                                                                                                                                                Entropy (8bit):5.289041983400337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26232
                                                                                                                                                                                                Entropy (8bit):5.284932479906984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22120
                                                                                                                                                                                                Entropy (8bit):5.253102285412285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:mt3hwDGWqhWrWEXCVWQ4mWn+deyttuX01k9z3A23x:AWqhWgPSR9zfh
                                                                                                                                                                                                MD5:001E60F6BBF255A60A5EA542E6339706
                                                                                                                                                                                                SHA1:F9172EC37921432D5031758D0C644FE78CDB25FA
                                                                                                                                                                                                SHA-256:82FBA9BC21F77309A649EDC8E6FC1900F37E3FFCB45CD61E65E23840C505B945
                                                                                                                                                                                                SHA-512:B1A6DC5A34968FBDC8147D8403ADF8B800A06771CC9F15613F5CE874C29259A156BAB875AAE4CAAEC2117817CE79682A268AA6E037546AECA664CD4EEA60ADBF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22136
                                                                                                                                                                                                Entropy (8bit):4.810971823417463
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:p/fHQduDWqhWJWJWadJCsVWQ4mWxrnyttuX01k9z3A2Yv6WT:p/ftWqhWoCsmySR9zfYvvT
                                                                                                                                                                                                MD5:A0776B3A28F7246B4A24FF1B2867BDBF
                                                                                                                                                                                                SHA1:383C9A6AFDA7C1E855E25055AAD00E92F9D6AAFF
                                                                                                                                                                                                SHA-256:2E554D9BF872A64D2CD0F0EB9D5A06DEA78548BC0C7A6F76E0A0C8C069F3C0A9
                                                                                                                                                                                                SHA-512:7C9F0F8E53B363EF5B2E56EEC95E7B78EC50E9308F34974A287784A1C69C9106F49EA2D9CA037F0A7B3C57620FCBB1C7C372F207C68167DF85797AFFC3D7F3BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1439447
                                                                                                                                                                                                Entropy (8bit):5.586381782332628
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:6QRqL5TPAxNWlUKdcubgAnj90HtAWfh2dYMbPRMZdf9:6QRqL2xNbrp
                                                                                                                                                                                                MD5:2A138E2EE499D3BA2FC4AFAEF93B7CAA
                                                                                                                                                                                                SHA1:508C733341845E94FCE7C24B901FC683108DF2A8
                                                                                                                                                                                                SHA-256:130E506EAD01B91B60D6D56072C468AEB5457DD0F2ECD6CE17DFCBB7D51A1F8C
                                                                                                                                                                                                SHA-512:1F61A0FDA5676E8ED8D10DFEE78267F6D785F9C131F5CAF2DD984E18CA9E5866B7658AB7EDB2FFD74920A40FFEA5CD55C0419F5E9EE57A043105E729E10D820B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):294769
                                                                                                                                                                                                Entropy (8bit):6.047057219398099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:QW1x/M8fRRiplkXURrVADwYCuCCgT/Q5MSRqNb7d84u5Nahx:QWb/TRiLWURrId5MWavdX08/
                                                                                                                                                                                                MD5:52A8319281308DE49CCEF4850A7245BC
                                                                                                                                                                                                SHA1:43D20D833B084454311CA9B00DD7595C527CE3BB
                                                                                                                                                                                                SHA-256:807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
                                                                                                                                                                                                SHA-512:2764222C0CD8C862906AC0E3E51F201E748822FE9CE9B1008F3367FDD7F0DB7CC12BF86E319511157AF087DD2093C42E2D84232FAE023D35EE1E425E7C43382D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                Entropy (8bit):4.821961098415509
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:RIp0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCF2CQAAZW/olyc8H49:RAFCk2z1/t12iwU5usJFSCyAoccg
                                                                                                                                                                                                MD5:E3D495CF14D857349554A3606A8E7210
                                                                                                                                                                                                SHA1:DB0843B89A84FB37EFD3C76168BCB303174AAC29
                                                                                                                                                                                                SHA-256:E21F4C40C29BE0B115463E7BB8A365946A4AFC152B9FFF602ABD41C6E0CE68A2
                                                                                                                                                                                                SHA-512:8F69A16042E88BC51D30AD4C78D8240E2619104324E79E5F382975486BFB39B4E0A3C35976D08399300D7823D6A358104658374DAF36A513CE0774F3611D4D6E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):121344
                                                                                                                                                                                                Entropy (8bit):5.916933725193865
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:pLnt36j53DaUzH7Tiu6nrD2LhacNlbRD9iTV/n:tnF6rqgha8mJ/
                                                                                                                                                                                                MD5:BD18F35F8A56415EC604D97BD3DD44C4
                                                                                                                                                                                                SHA1:63F51EB5DAFEB24327E3BCB63828336C920B4FCD
                                                                                                                                                                                                SHA-256:F3501EBCE24205F3DC54192CD917EAB9A899FE936570650253D4C1466383EFF1
                                                                                                                                                                                                SHA-512:3C1C268005F494413CD2F9409B64ED3A2C9AF558C0F317447AF2C27776406C61DCB28AE6720AF156145078EC565A14A3E12D409E57389BB3D4D10F8D7A92A7D1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5724
                                                                                                                                                                                                Entropy (8bit):5.120429897887076
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16380
                                                                                                                                                                                                Entropy (8bit):5.587607398047088
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:hXr1GL/l45jEVeKUZVhXau4WJU6F6Gotqw+Iq+NX6ih5VfUqb8q:hXOlMEVdcaiJU6F6Gotqw+/+96ih18q
                                                                                                                                                                                                MD5:09AF09857B22A20B1237C76423D111A3
                                                                                                                                                                                                SHA1:0FA4BECCCB7DE4B5F56A5A2E84D8751A089B136E
                                                                                                                                                                                                SHA-256:18508C295D7D68317791CAB2DBFBFF1B79C19B1812A83C7A15A01FC8263D5249
                                                                                                                                                                                                SHA-512:D0D0C5F728E4F7BD136465722AF8CEAAA83A7F70AA779C90F80EF7B5DDA837E58C8DD1740B8CA5CB27E84E37B9B9FDAA63C2242E8EA60D21EE2EA814F846211A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):94
                                                                                                                                                                                                Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):197
                                                                                                                                                                                                Entropy (8bit):4.61968998873571
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11360
                                                                                                                                                                                                Entropy (8bit):4.426756947907149
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1532
                                                                                                                                                                                                Entropy (8bit):5.058591167088024
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8292864
                                                                                                                                                                                                Entropy (8bit):6.493076254122072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3441504
                                                                                                                                                                                                Entropy (8bit):6.097985120800337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
                                                                                                                                                                                                MD5:6F4B8EB45A965372156086201207C81F
                                                                                                                                                                                                SHA1:8278F9539463F0A45009287F0516098CB7A15406
                                                                                                                                                                                                SHA-256:976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
                                                                                                                                                                                                SHA-512:2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35064
                                                                                                                                                                                                Entropy (8bit):6.362215445656998
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:SB8J4ihYfwYiXGPc9orPji8i4DDQWvGaRQsTeCXS/Fzc7jsFruRXYV1ZE9DRCXjQ:rGHs4vpegQsTT0uj82S7Fp2DG4yshH
                                                                                                                                                                                                MD5:32D36D2B0719DB2B739AF803C5E1C2F5
                                                                                                                                                                                                SHA1:023C4F1159A2A05420F68DAF939B9AC2B04AB082
                                                                                                                                                                                                SHA-256:128A583E821E52B595EB4B3DDA17697D3CA456EE72945F7ECCE48EDEDAD0E93C
                                                                                                                                                                                                SHA-512:A0A68CFC2F96CB1AFD29DB185C940E9838B6D097D2591B0A2E66830DD500E8B9538D170125A00EE8C22B8251181B73518B73DE94BEEEDD421D3E888564A111C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):702816
                                                                                                                                                                                                Entropy (8bit):5.547832370836076
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
                                                                                                                                                                                                MD5:8769ADAFCA3A6FC6EF26F01FD31AFA84
                                                                                                                                                                                                SHA1:38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
                                                                                                                                                                                                SHA-256:2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
                                                                                                                                                                                                SHA-512:FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):198008
                                                                                                                                                                                                Entropy (8bit):6.362387676939168
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:6SD0qUuvSsbk1ztMxTfyxh591VisxskpZFkjEVE/qCOeU19IDQhHVxB:6g0pJzmyxh59142WEG/u1Z
                                                                                                                                                                                                MD5:1C0A578249B658F5DCD4B539EEA9A329
                                                                                                                                                                                                SHA1:EFE6FA11A09DEDAC8964735F87877BA477BEC341
                                                                                                                                                                                                SHA-256:D97F3E27130C267E7D3287D1B159F65559E84EAD9090D02A01B4C7DC663CD509
                                                                                                                                                                                                SHA-512:7B21DCD7B64EEBA13BA8A618960190D1A272FA4805DEDCF8F9E1168AEBFE890B0CED991435ECBD353467A046FC0E8307F9A9BE1021742D7D93AA124C52CC49E6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65920
                                                                                                                                                                                                Entropy (8bit):6.085964919090515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Apw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJU:V/5k8cnzeJH9IDQ0K7SyOPx
                                                                                                                                                                                                MD5:34E49BB1DFDDF6037F0001D9AEFE7D61
                                                                                                                                                                                                SHA1:A25A39DCA11CDC195C9ECD49E95657A3E4FE3215
                                                                                                                                                                                                SHA-256:4055D1B9E553B78C244143AB6B48151604003B39A9BF54879DEE9175455C1281
                                                                                                                                                                                                SHA-512:EDB715654BAAF499CF788BCACD5657ADCF9F20B37B02671ABE71BDA334629344415ED3A7E95CB51164E66A7AA3ED4BF84ACB05649CCD55E3F64036F3178B7856
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5758328
                                                                                                                                                                                                Entropy (8bit):6.089726305084683
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:JdHwQkq3AAtsPv3XXTVEspHBMp4SsPxQpe2bx:JdHwQkq3AMsPvHXSpAxQpe2V
                                                                                                                                                                                                MD5:9A24C8C35E4AC4B1597124C1DCBEBE0F
                                                                                                                                                                                                SHA1:F59782A4923A30118B97E01A7F8DB69B92D8382A
                                                                                                                                                                                                SHA-256:A0CF640E756875C25C12B4A38BA5F2772E8E512036E2AC59EB8567BF05FFBFB7
                                                                                                                                                                                                SHA-512:9D9336BF1F0D3BC9CE4A636A5F4E52C5F9487F51F00614FC4A34854A315CE7EA8BE328153812DBD67C45C75001818FA63317EBA15A6C9A024FA9F2CAB163165B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):670208
                                                                                                                                                                                                Entropy (8bit):6.035999626973864
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):134656
                                                                                                                                                                                                Entropy (8bit):5.999117329459055
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):29056
                                                                                                                                                                                                Entropy (8bit):6.49468173344972
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:5oR1ecReJKwHqUuI7A70RUZ9ID7GvIYiSy1pCQlIJNPxh8E9VF0NyUT2:ezeUeJlHqybG9ID7GQYiSyvCPxWEC
                                                                                                                                                                                                MD5:97EE623F1217A7B4B7DE5769B7B665D6
                                                                                                                                                                                                SHA1:95B918F3F4C057FB9C878C8CC5E502C0BD9E54C0
                                                                                                                                                                                                SHA-256:0046EB32F873CDE62CF29AF02687B1DD43154E9FD10E0AA3D8353D3DEBB38790
                                                                                                                                                                                                SHA-512:20EDC7EAE5C0709AF5C792F04A8A633D416DA5A38FC69BD0409AFE40B7FB1AFA526DE6FE25D8543ECE9EA44FD6BAA04A9D316AC71212AE9638BDEF768E661E0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1050
                                                                                                                                                                                                Entropy (8bit):5.072538194763298
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6301
                                                                                                                                                                                                Entropy (8bit):5.107162422517841
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                                                MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                                                SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                                                SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                                                SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):37694
                                                                                                                                                                                                Entropy (8bit):5.555787611309118
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
                                                                                                                                                                                                MD5:087F72A04BB085627494651E36C4C513
                                                                                                                                                                                                SHA1:1E39070E246F91D8926268A033C6F584E629E2DE
                                                                                                                                                                                                SHA-256:BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
                                                                                                                                                                                                SHA-512:39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):92
                                                                                                                                                                                                Entropy (8bit):4.820827594031884
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                                                MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                                                SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                                                SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                                                SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2740
                                                                                                                                                                                                Entropy (8bit):4.540737240939103
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                                                MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                                                SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                                                SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                                                SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1481088
                                                                                                                                                                                                Entropy (8bit):6.569811736013214
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:GjhOK/D8n/vDz5YZ/9T6F2MkEvTPdZklaOPSwfzDJ8CVjBx+Xt4V9zQXeRxd:IX/CDzGZ1T01TPPk76oDJ8qKXavzQOR
                                                                                                                                                                                                MD5:AC633A9EB00F3B165DA1181A88BB2BDA
                                                                                                                                                                                                SHA1:D8C058A4F873FAA6D983E9A5A73A218426EA2E16
                                                                                                                                                                                                SHA-256:8D58DB3067899C997C2DB13BAF13CD4136F3072874B3CA1F375937E37E33D800
                                                                                                                                                                                                SHA-512:4BF6A3AAFF66AE9BF6BC8E0DCD77B685F68532B05D8F4D18AAA7636743712BE65AB7565C9A5C513D5EB476118239FB648084E18B4EF1A123528947E68BD00A97
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1016584
                                                                                                                                                                                                Entropy (8bit):6.669319438805479
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                                                                                                                                                                MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                                                                                                                                                                SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                                                                                                                                                                SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                                                                                                                                                                SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1138040
                                                                                                                                                                                                Entropy (8bit):5.434701276929729
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:JbYefjwR6nbJonRiPDjRrO518BEPYPx++ZiLKGZ5KXyVH4eDS0E:tYeMQ0IDJc+EwPgPOG6Xyd46S0E
                                                                                                                                                                                                MD5:BC58EB17A9C2E48E97A12174818D969D
                                                                                                                                                                                                SHA1:11949EBC05D24AB39D86193B6B6FCFF3E4733CFD
                                                                                                                                                                                                SHA-256:ECF7836AA0D36B5880EB6F799EC402B1F2E999F78BFFF6FB9A942D1D8D0B9BAA
                                                                                                                                                                                                SHA-512:4AA2B2CE3EB47503B48F6A888162A527834A6C04D3B49C562983B4D5AAD9B7363D57AEF2E17FE6412B89A9A3B37FB62A4ADE4AFC90016E2759638A17B1DEAE6C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                Entropy (8bit):5.113812591033072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPdRD0hvHvcqvn7ycIt/G/:rardA0Bzx14r6nDrOhv+O/
                                                                                                                                                                                                MD5:B58CA169FDCFFAB726391D3906DD9A4E
                                                                                                                                                                                                SHA1:C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF
                                                                                                                                                                                                SHA-256:1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
                                                                                                                                                                                                SHA-512:AA23DEBF80D89A40677D1BF1C7C6C3445A79E76419865B86D0D6A605656478067EBEA2752348FCF77D583D2E5DCD284DA7F55F751D6441E647565DA77F982966
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):133120
                                                                                                                                                                                                Entropy (8bit):5.849201651779307
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:znvpE3JJ/Q7DspOCQUUU40Oc3lRVFhLaNzvBii7qQvmwCoY9LQPe:T4xG4pOCQUUU4rWlRVgv5qQSoY9
                                                                                                                                                                                                MD5:D02300D803850C3B0681E16130FECEE4
                                                                                                                                                                                                SHA1:6411815E2A908432A640719ECFE003B43BBBA35C
                                                                                                                                                                                                SHA-256:B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
                                                                                                                                                                                                SHA-512:6FAD1836614869AB3BB624BDA9943CEAF9E197B17CA4F4FFE78699492B72F95EEE02AE1BB07C0508438956BEF10CC1E656DDF75D0EDC9EF71A3860AF39075564
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):23552
                                                                                                                                                                                                Entropy (8bit):5.281874510289411
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:9eeH8ZmV+zknwMswDuVQO0T8DmMel2/QEVR7AWCq5yn9ukF1B3:N+zi/uVQ1Q/QEVR1NUpB
                                                                                                                                                                                                MD5:965E9833F4CD7A45C2C1EE85EFC2DA3B
                                                                                                                                                                                                SHA1:3C6888194AD30E17DC5EEA7418133A541BCDDF07
                                                                                                                                                                                                SHA-256:5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
                                                                                                                                                                                                SHA-512:F8C4E0C82A8229B3BDB897B536EE73B5D2A9A2810B73DCC77C880961A9A16E43746234A108A9A15BF18638FCFB3086E0F5EEFD85D5BF6F799718DC6F199C4A26
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):535040
                                                                                                                                                                                                Entropy (8bit):6.1723495244729625
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:SBetHVSFgAXb3MWUF6w7FK3oHPl8eqTOU:SQkgAL3Md983C8eq
                                                                                                                                                                                                MD5:43AA404015B0CEE369E941DC30B3F4B0
                                                                                                                                                                                                SHA1:A34CBA0D08A17934D84B16FCFF5282367EAA08AA
                                                                                                                                                                                                SHA-256:3FB83E9A14901321324F17D11DA50802B6777733E1EE0FD4F89DB0FD09C61690
                                                                                                                                                                                                SHA-512:A8548F39F371B2389EEA45DA4248FFC015F5B243E957BD12B88661DB91D4D745A1CD1E772BDD6C739A87E69A88947FB58248BB394E1C5D21C0A9324EFC87724B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.997040089692369
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:LEmcGUQfA7.exe
                                                                                                                                                                                                File size:21'805'582 bytes
                                                                                                                                                                                                MD5:36c21ad5cdbe18051c6b3024919db784
                                                                                                                                                                                                SHA1:4b01afb660b7bb77278f5cea5f7e07c62e8022fc
                                                                                                                                                                                                SHA256:7630174961b715a64d919c822234ffec4289a4e7cbb5bef1464aa19106b59ead
                                                                                                                                                                                                SHA512:03ca8c061857cf69e2ef94916d8074cd63b1924837e71ee72a5830f3b2b1ab9fe8c5445bd4010ede37189fe4c6ec9c2e4022574be6fb4c9c556b2569b2b4105b
                                                                                                                                                                                                SSDEEP:393216:Z9Yi2Vlj87dt8WdqQNuwq3Obs2Cl6dQJluwF3MnG3CblCOL/gJ0OderWxpyk5OeH:Z9Yi2Vl8ZO8rNuwq3ObRq6dQz3MGVObA
                                                                                                                                                                                                TLSH:AA2733467B610CE6F4965439C427C3A8BB627E544FB0DA1BC7A4039A4F9B3D02E3DAC5
                                                                                                                                                                                                Icon Hash:4a464cd47461e179
                                                                                                                                                                                                Entrypoint:0x14000ce20
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x67774DCF [Fri Jan 3 02:39:11 2025 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                call 00007F8FAD3A5C8Ch
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                jmp 00007F8FAD3A58AFh
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                call 00007F8FAD3A6058h
                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                je 00007F8FAD3A5A53h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov eax, dword ptr [00000030h]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                jmp 00007F8FAD3A5A37h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                cmp ecx, eax
                                                                                                                                                                                                je 00007F8FAD3A5A46h
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                cmpxchg dword ptr [0003570Ch], ecx
                                                                                                                                                                                                jne 00007F8FAD3A5A20h
                                                                                                                                                                                                xor al, al
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                ret
                                                                                                                                                                                                mov al, 01h
                                                                                                                                                                                                jmp 00007F8FAD3A5A29h
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                test ecx, ecx
                                                                                                                                                                                                jne 00007F8FAD3A5A39h
                                                                                                                                                                                                mov byte ptr [000356F5h], 00000001h
                                                                                                                                                                                                call 00007F8FAD3A5185h
                                                                                                                                                                                                call 00007F8FAD3A6470h
                                                                                                                                                                                                test al, al
                                                                                                                                                                                                jne 00007F8FAD3A5A36h
                                                                                                                                                                                                xor al, al
                                                                                                                                                                                                jmp 00007F8FAD3A5A46h
                                                                                                                                                                                                call 00007F8FAD3B2F8Fh
                                                                                                                                                                                                test al, al
                                                                                                                                                                                                jne 00007F8FAD3A5A3Bh
                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                call 00007F8FAD3A6480h
                                                                                                                                                                                                jmp 00007F8FAD3A5A1Ch
                                                                                                                                                                                                mov al, 01h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                ret
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                inc eax
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 20h
                                                                                                                                                                                                cmp byte ptr [000356BCh], 00000000h
                                                                                                                                                                                                mov ebx, ecx
                                                                                                                                                                                                jne 00007F8FAD3A5A99h
                                                                                                                                                                                                cmp ecx, 01h
                                                                                                                                                                                                jnbe 00007F8FAD3A5A9Ch
                                                                                                                                                                                                call 00007F8FAD3A5FCEh
                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                je 00007F8FAD3A5A5Ah
                                                                                                                                                                                                test ebx, ebx
                                                                                                                                                                                                jne 00007F8FAD3A5A56h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                lea ecx, dword ptr [000356A6h]
                                                                                                                                                                                                call 00007F8FAD3B2D82h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | 9a7ca3bfbaefdf3f045afda575ffe2f9 | False | 0.5242838541666667 | data | 5.750767265527297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 7, 2025 13:19:11.077781916 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.077816010 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.077919006 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.078758001 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.078773022 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.547753096 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.548490047 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.548501968 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.549611092 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.549693108 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.550458908 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.550647020 CET | 443 | 49712 | 216.198.79.129 | 192.168.2.12
Jan 7, 2025 13:19:11.550669909 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Jan 7, 2025 13:19:11.550688982 CET | 49712 | 443 | 192.168.2.12 | 216.198.79.129
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 7, 2025 13:19:11.065066099 CET | 63567 | 53 | 192.168.2.12 | 1.1.1.1
Jan 7, 2025 13:19:11.074083090 CET | 53 | 63567 | 1.1.1.1 | 192.168.2.12
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 7, 2025 13:19:11.065066099 CET | 192.168.2.12 | 1.1.1.1 | 0x5ceb | Standard query (0) | handler-phi.vercel.app | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 7, 2025 13:19:11.074083090 CET | 1.1.1.1 | 192.168.2.12 | 0x5ceb | No error (0) | handler-phi.vercel.app | | 216.198.79.129 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:11.074083090 CET | 1.1.1.1 | 192.168.2.12 | 0x5ceb | No error (0) | handler-phi.vercel.app | | 64.29.17.129 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:07:19:03
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\LEmcGUQfA7.exe"
                                                                                                                                                                                                Imagebase:0x7ff6eb6e0000
                                                                                                                                                                                                File size:21'805'582 bytes
                                                                                                                                                                                                MD5 hash:36C21AD5CDBE18051C6B3024919DB784
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:07:19:07
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\LEmcGUQfA7.exe"
                                                                                                                                                                                                Imagebase:0x7ff6eb6e0000
                                                                                                                                                                                                File size:21'805'582 bytes
                                                                                                                                                                                                MD5 hash:36C21AD5CDBE18051C6B3024919DB784
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                • Rule: JoeSecurity_CrealStealer, Description: Yara detected Creal Stealer, Source: 00000002.00000002.2488780954.000001908D1A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:07:19:09
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                Imagebase:0x7ff7f2f50000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:07:19:09
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff704000000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                Start time:07:19:09
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c pip install requests
                                                                                                                                                                                                Imagebase:0x7ff7f2f50000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:07:19:09
                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff704000000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:10.3%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:19.7%
                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                  Total number of Limit Nodes:36
16757->16763 16852 7ff6eb6f471c 16758->16852 16760->16756 16765 7ff6eb6f3aa2 16760->16765 16772 7ff6eb6f3a8b 16760->16772 16763->16776 16856 7ff6eb6f21d4 16763->16856 16765->16776 16828 7ff6eb6f4504 16765->16828 16766->16750 16768 7ff6eb6f3ae2 16766->16768 16768->16776 16834 7ff6eb6f45c8 16768->16834 16770 7ff6eb6ec5c0 _log10_special 8 API calls 16771 7ff6eb6f3e5a 16770->16771 16771->16743 16772->16776 16777 7ff6eb6f3d4c 16772->16777 16863 7ff6eb6f4830 16772->16863 16776->16770 16777->16776 16869 7ff6eb6fea78 16777->16869 16779 7ff6eb6f3484 16778->16779 16780 7ff6eb6f346e 16778->16780 16781 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16779->16781 16796 7ff6eb6f34c4 16779->16796 16782 7ff6eb6f3a56 16780->16782 16783 7ff6eb6f3ac7 16780->16783 16780->16796 16781->16796 16786 7ff6eb6f3af1 16782->16786 16787 7ff6eb6f3a5c 16782->16787 16784 7ff6eb6f3b20 16783->16784 16785 7ff6eb6f3acc 16783->16785 16793 7ff6eb6f3b2a 16784->16793 16794 7ff6eb6f3b37 16784->16794 16800 7ff6eb6f3b2f 16784->16800 16788 7ff6eb6f3b01 16785->16788 16789 7ff6eb6f3ace 16785->16789 16795 7ff6eb6f1dc4 38 API calls 16786->16795 16790 7ff6eb6f3a90 16787->16790 16791 7ff6eb6f3a61 16787->16791 16798 7ff6eb6f19b4 38 API calls 16788->16798 16792 7ff6eb6f3a70 16789->16792 16804 7ff6eb6f3add 16789->16804 16797 7ff6eb6f3a67 16790->16797 16790->16800 16791->16794 16791->16797 16799 7ff6eb6f41c8 47 API calls 16792->16799 16814 7ff6eb6f3b60 16792->16814 16793->16786 16793->16800 16801 7ff6eb6f471c 45 API calls 16794->16801 16811 7ff6eb6f3a8b 16795->16811 16796->16743 16797->16792 16802 7ff6eb6f3aa2 16797->16802 16797->16811 16798->16811 16799->16811 16803 7ff6eb6f21d4 38 API calls 16800->16803 16800->16814 16801->16811 16805 7ff6eb6f4504 46 API calls 16802->16805 16802->16814 16803->16811 16804->16786 16806 7ff6eb6f3ae2 16804->16806 16805->16811 16809 7ff6eb6f45c8 37 API calls 16806->16809 16806->16814 16807 7ff6eb6ec5c0 _log10_special 8 API calls 16808 7ff6eb6f3e5a 16807->16808 16808->16743 
16809->16811 16810 7ff6eb6f4830 45 API calls 16813 7ff6eb6f3d4c 16810->16813 16811->16810 16811->16813 16811->16814 16812 7ff6eb6fea78 46 API calls 16812->16813 16813->16812 16813->16814 16814->16807 17063 7ff6eb6f1038 16815->17063 16819 7ff6eb6f41ee 16818->16819 16881 7ff6eb6f0bf0 16819->16881 16824 7ff6eb6f4333 16826 7ff6eb6f43c1 16824->16826 16827 7ff6eb6f4830 45 API calls 16824->16827 16825 7ff6eb6f4830 45 API calls 16825->16824 16826->16772 16827->16826 16830 7ff6eb6f4539 16828->16830 16829 7ff6eb6f457e 16829->16772 16830->16829 16831 7ff6eb6f4557 16830->16831 16832 7ff6eb6f4830 45 API calls 16830->16832 16833 7ff6eb6fea78 46 API calls 16831->16833 16832->16831 16833->16829 16837 7ff6eb6f45e9 16834->16837 16835 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16836 7ff6eb6f461a 16835->16836 16836->16772 16837->16835 16837->16836 16839 7ff6eb6f1df7 16838->16839 16840 7ff6eb6f1e26 16839->16840 16843 7ff6eb6f1ee3 16839->16843 16841 7ff6eb6f1e63 16840->16841 17017 7ff6eb6f0c98 16840->17017 16841->16772 16844 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16843->16844 16844->16841 16846 7ff6eb6f19e7 16845->16846 16847 7ff6eb6f1a16 16846->16847 16849 7ff6eb6f1ad3 16846->16849 16848 7ff6eb6f0c98 12 API calls 16847->16848 16851 7ff6eb6f1a53 16847->16851 16848->16851 16850 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16849->16850 16850->16851 16851->16772 16853 7ff6eb6f475f 16852->16853 16855 7ff6eb6f4763 __crtLCMapStringW 16853->16855 17025 7ff6eb6f47b8 16853->17025 16855->16772 16857 7ff6eb6f2207 16856->16857 16858 7ff6eb6f2236 16857->16858 16860 7ff6eb6f22f3 16857->16860 16859 7ff6eb6f0c98 12 API calls 16858->16859 16862 7ff6eb6f2273 16858->16862 16859->16862 16861 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16860->16861 16861->16862 16862->16772 16864 7ff6eb6f4847 16863->16864 17029 7ff6eb6fda28 16864->17029 16870 7ff6eb6feaa9 16869->16870 16878 7ff6eb6feab7 16869->16878 16871 7ff6eb6fead7 16870->16871 16872 7ff6eb6f4830 45 API calls 
16870->16872 16870->16878 16873 7ff6eb6feb0f 16871->16873 16874 7ff6eb6feae8 16871->16874 16872->16871 16876 7ff6eb6feb9a 16873->16876 16877 7ff6eb6feb39 16873->16877 16873->16878 17053 7ff6eb700110 16874->17053 16879 7ff6eb6ff910 _fread_nolock MultiByteToWideChar 16876->16879 16877->16878 17056 7ff6eb6ff910 16877->17056 16878->16777 16879->16878 16882 7ff6eb6f0c16 16881->16882 16883 7ff6eb6f0c27 16881->16883 16889 7ff6eb6fe5e0 16882->16889 16883->16882 16884 7ff6eb6fd66c _fread_nolock 12 API calls 16883->16884 16885 7ff6eb6f0c54 16884->16885 16886 7ff6eb6f0c68 16885->16886 16887 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 16885->16887 16888 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 16886->16888 16887->16886 16888->16882 16890 7ff6eb6fe5fd 16889->16890 16892 7ff6eb6fe630 16889->16892 16891 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16890->16891 16901 7ff6eb6f4311 16891->16901 16892->16890 16893 7ff6eb6fe662 16892->16893 16899 7ff6eb6fe775 16893->16899 16904 7ff6eb6fe6aa 16893->16904 16894 7ff6eb6fe867 16944 7ff6eb6fdacc 16894->16944 16896 7ff6eb6fe82d 16937 7ff6eb6fde64 16896->16937 16898 7ff6eb6fe7fc 16930 7ff6eb6fe144 16898->16930 16899->16894 16899->16896 16899->16898 16900 7ff6eb6fe7bf 16899->16900 16903 7ff6eb6fe7b5 16899->16903 16920 7ff6eb6fe374 16900->16920 16901->16824 16901->16825 16903->16896 16906 7ff6eb6fe7ba 16903->16906 16904->16901 16911 7ff6eb6fa514 16904->16911 16906->16898 16906->16900 16909 7ff6eb6fa970 _isindst 17 API calls 16910 7ff6eb6fe8c4 16909->16910 16912 7ff6eb6fa521 16911->16912 16913 7ff6eb6fa52b 16911->16913 16912->16913 16918 7ff6eb6fa546 16912->16918 16914 7ff6eb6f4f78 _set_fmode 11 API calls 16913->16914 16915 7ff6eb6fa532 16914->16915 16916 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 16915->16916 16917 7ff6eb6fa53e 16916->16917 16917->16901 16917->16909 16918->16917 16919 7ff6eb6f4f78 _set_fmode 11 API calls 16918->16919 16919->16915 16953 7ff6eb70411c 16920->16953 16924 7ff6eb6fe41c 16925 7ff6eb6fe471 
16924->16925 16927 7ff6eb6fe43c 16924->16927 16929 7ff6eb6fe420 16924->16929 17006 7ff6eb6fdf60 16925->17006 17002 7ff6eb6fe21c 16927->17002 16929->16901 16931 7ff6eb70411c 38 API calls 16930->16931 16932 7ff6eb6fe18e 16931->16932 16933 7ff6eb703b64 37 API calls 16932->16933 16934 7ff6eb6fe1de 16933->16934 16935 7ff6eb6fe1e2 16934->16935 16936 7ff6eb6fe21c 45 API calls 16934->16936 16935->16901 16936->16935 16938 7ff6eb70411c 38 API calls 16937->16938 16939 7ff6eb6fdeaf 16938->16939 16940 7ff6eb703b64 37 API calls 16939->16940 16941 7ff6eb6fdf07 16940->16941 16942 7ff6eb6fdf0b 16941->16942 16943 7ff6eb6fdf60 45 API calls 16941->16943 16942->16901 16943->16942 16945 7ff6eb6fdb44 16944->16945 16946 7ff6eb6fdb11 16944->16946 16948 7ff6eb6fdb5c 16945->16948 16950 7ff6eb6fdbdd 16945->16950 16947 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16946->16947 16952 7ff6eb6fdb3d __scrt_get_show_window_mode 16947->16952 16949 7ff6eb6fde64 46 API calls 16948->16949 16949->16952 16951 7ff6eb6f4830 45 API calls 16950->16951 16950->16952 16951->16952 16952->16901 16954 7ff6eb70416f fegetenv 16953->16954 16955 7ff6eb707e9c 37 API calls 16954->16955 16958 7ff6eb7041c2 16955->16958 16956 7ff6eb7041ef 16960 7ff6eb6fa514 __std_exception_copy 37 API calls 16956->16960 16957 7ff6eb7042b2 16959 7ff6eb707e9c 37 API calls 16957->16959 16958->16957 16963 7ff6eb70428c 16958->16963 16964 7ff6eb7041dd 16958->16964 16961 7ff6eb7042dc 16959->16961 16962 7ff6eb70426d 16960->16962 16965 7ff6eb707e9c 37 API calls 16961->16965 16966 7ff6eb705394 16962->16966 16972 7ff6eb704275 16962->16972 16967 7ff6eb6fa514 __std_exception_copy 37 API calls 16963->16967 16964->16956 16964->16957 16968 7ff6eb7042ed 16965->16968 16970 7ff6eb6fa970 _isindst 17 API calls 16966->16970 16967->16962 16969 7ff6eb708090 20 API calls 16968->16969 16980 7ff6eb704356 __scrt_get_show_window_mode 16969->16980 16971 7ff6eb7053a9 16970->16971 16973 7ff6eb6ec5c0 _log10_special 8 API calls 16972->16973 16974 7ff6eb6fe3c1 
16973->16974 16998 7ff6eb703b64 16974->16998 16975 7ff6eb7046ff __scrt_get_show_window_mode 16976 7ff6eb704a3f 16977 7ff6eb703c80 37 API calls 16976->16977 16986 7ff6eb705157 16977->16986 16978 7ff6eb7049eb 16978->16976 16982 7ff6eb7053ac memcpy_s 37 API calls 16978->16982 16979 7ff6eb704397 memcpy_s 16985 7ff6eb704cdb memcpy_s __scrt_get_show_window_mode 16979->16985 16988 7ff6eb7047f3 memcpy_s __scrt_get_show_window_mode 16979->16988 16980->16975 16980->16979 16983 7ff6eb6f4f78 _set_fmode 11 API calls 16980->16983 16981 7ff6eb7051b2 16989 7ff6eb705338 16981->16989 16994 7ff6eb703c80 37 API calls 16981->16994 16996 7ff6eb7053ac memcpy_s 37 API calls 16981->16996 16982->16976 16984 7ff6eb7047d0 16983->16984 16987 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 16984->16987 16985->16976 16985->16978 16992 7ff6eb6f4f78 11 API calls _set_fmode 16985->16992 16997 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 16985->16997 16986->16981 16990 7ff6eb7053ac memcpy_s 37 API calls 16986->16990 16987->16979 16988->16978 16993 7ff6eb6f4f78 11 API calls _set_fmode 16988->16993 16995 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 16988->16995 16991 7ff6eb707e9c 37 API calls 16989->16991 16990->16981 16991->16972 16992->16985 16993->16988 16994->16981 16995->16988 16996->16981 16997->16985 16999 7ff6eb703b83 16998->16999 17000 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 16999->17000 17001 7ff6eb703bae memcpy_s 16999->17001 17000->17001 17001->16924 17003 7ff6eb6fe248 memcpy_s 17002->17003 17004 7ff6eb6f4830 45 API calls 17003->17004 17005 7ff6eb6fe302 memcpy_s __scrt_get_show_window_mode 17003->17005 17004->17005 17005->16929 17007 7ff6eb6fdf9b 17006->17007 17011 7ff6eb6fdfe8 memcpy_s 17006->17011 17008 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17007->17008 17009 7ff6eb6fdfc7 17008->17009 17009->16929 17010 7ff6eb6fe053 17012 7ff6eb6fa514 __std_exception_copy 37 API calls 17010->17012 17011->17010 17013 7ff6eb6f4830 45 API calls 17011->17013 17014 
7ff6eb6fe095 memcpy_s 17012->17014 17013->17010 17015 7ff6eb6fa970 _isindst 17 API calls 17014->17015 17016 7ff6eb6fe140 17015->17016 17018 7ff6eb6f0ccf 17017->17018 17019 7ff6eb6f0cbe 17017->17019 17018->17019 17020 7ff6eb6fd66c _fread_nolock 12 API calls 17018->17020 17019->16841 17021 7ff6eb6f0d00 17020->17021 17022 7ff6eb6f0d14 17021->17022 17024 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 17021->17024 17023 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 17022->17023 17023->17019 17024->17022 17026 7ff6eb6f47de 17025->17026 17027 7ff6eb6f47d6 17025->17027 17026->16855 17028 7ff6eb6f4830 45 API calls 17027->17028 17028->17026 17030 7ff6eb6fda41 17029->17030 17031 7ff6eb6f486f 17029->17031 17030->17031 17037 7ff6eb703374 17030->17037 17033 7ff6eb6fda94 17031->17033 17034 7ff6eb6f487f 17033->17034 17035 7ff6eb6fdaad 17033->17035 17034->16777 17035->17034 17050 7ff6eb7026c0 17035->17050 17038 7ff6eb6fb1c0 __CxxCallCatchBlock 45 API calls 17037->17038 17039 7ff6eb703383 17038->17039 17040 7ff6eb7033ce 17039->17040 17049 7ff6eb700348 EnterCriticalSection 17039->17049 17040->17031 17051 7ff6eb6fb1c0 __CxxCallCatchBlock 45 API calls 17050->17051 17052 7ff6eb7026c9 17051->17052 17059 7ff6eb706df8 17053->17059 17057 7ff6eb6ff919 MultiByteToWideChar 17056->17057 17062 7ff6eb706e5c 17059->17062 17060 7ff6eb6ec5c0 _log10_special 8 API calls 17061 7ff6eb70012d 17060->17061 17061->16878 17062->17060 17064 7ff6eb6f107f 17063->17064 17065 7ff6eb6f106d 17063->17065 17068 7ff6eb6f108d 17064->17068 17072 7ff6eb6f10c9 17064->17072 17066 7ff6eb6f4f78 _set_fmode 11 API calls 17065->17066 17067 7ff6eb6f1072 17066->17067 17069 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17067->17069 17070 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17068->17070 17077 7ff6eb6f107d 17069->17077 17070->17077 17071 7ff6eb6f1445 17073 7ff6eb6f4f78 _set_fmode 11 API calls 17071->17073 17071->17077 17072->17071 17074 7ff6eb6f4f78 _set_fmode 11 API calls 17072->17074 17075 7ff6eb6f16d9 17073->17075 
17076 7ff6eb6f143a 17074->17076 17078 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17075->17078 17079 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17076->17079 17077->16743 17078->17077 17079->17071 17081 7ff6eb6f0774 17080->17081 17108 7ff6eb6f04d4 17081->17108 17083 7ff6eb6f078d 17083->16394 17120 7ff6eb6f042c 17084->17120 17088 7ff6eb6ec8c0 17087->17088 17089 7ff6eb6e2930 GetCurrentProcessId 17088->17089 17090 7ff6eb6e1c80 49 API calls 17089->17090 17091 7ff6eb6e2979 17090->17091 17134 7ff6eb6f49f4 17091->17134 17096 7ff6eb6e1c80 49 API calls 17097 7ff6eb6e29ff 17096->17097 17164 7ff6eb6e2620 17097->17164 17100 7ff6eb6ec5c0 _log10_special 8 API calls 17101 7ff6eb6e2a31 17100->17101 17101->16434 17103 7ff6eb6e1b89 17102->17103 17104 7ff6eb6f0189 17102->17104 17103->16433 17103->16434 17105 7ff6eb6f4f78 _set_fmode 11 API calls 17104->17105 17106 7ff6eb6f018e 17105->17106 17107 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17106->17107 17107->17103 17109 7ff6eb6f053e 17108->17109 17110 7ff6eb6f04fe 17108->17110 17109->17110 17112 7ff6eb6f054a 17109->17112 17111 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17110->17111 17114 7ff6eb6f0525 17111->17114 17119 7ff6eb6f54dc EnterCriticalSection 17112->17119 17114->17083 17121 7ff6eb6e1a20 17120->17121 17122 7ff6eb6f0456 17120->17122 17121->16402 17121->16403 17122->17121 17123 7ff6eb6f0465 __scrt_get_show_window_mode 17122->17123 17124 7ff6eb6f04a2 17122->17124 17127 7ff6eb6f4f78 _set_fmode 11 API calls 17123->17127 17133 7ff6eb6f54dc EnterCriticalSection 17124->17133 17129 7ff6eb6f047a 17127->17129 17131 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17129->17131 17131->17121 17138 7ff6eb6f4a4e 17134->17138 17135 7ff6eb6f4a73 17136 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17135->17136 17140 7ff6eb6f4a9d 17136->17140 17137 7ff6eb6f4aaf 17173 7ff6eb6f2c80 17137->17173 17138->17135 17138->17137 17143 7ff6eb6ec5c0 _log10_special 8 API calls 17140->17143 17141 7ff6eb6fa9b8 
__free_lconv_mon 11 API calls 17141->17140 17145 7ff6eb6e29c3 17143->17145 17144 7ff6eb6f4b8c 17144->17141 17152 7ff6eb6f51d0 17145->17152 17146 7ff6eb6f4bb0 17146->17144 17149 7ff6eb6f4bba 17146->17149 17147 7ff6eb6f4b61 17150 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 17147->17150 17148 7ff6eb6f4b58 17148->17144 17148->17147 17151 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 17149->17151 17150->17140 17151->17140 17153 7ff6eb6fb338 _set_fmode 11 API calls 17152->17153 17154 7ff6eb6f51e7 17153->17154 17155 7ff6eb6e29e5 17154->17155 17156 7ff6eb6fec08 _set_fmode 11 API calls 17154->17156 17159 7ff6eb6f5227 17154->17159 17155->17096 17157 7ff6eb6f521c 17156->17157 17158 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 17157->17158 17158->17159 17159->17155 17311 7ff6eb6fec90 17159->17311 17162 7ff6eb6fa970 _isindst 17 API calls 17163 7ff6eb6f526c 17162->17163 17165 7ff6eb6e262f 17164->17165 17166 7ff6eb6e9400 2 API calls 17165->17166 17167 7ff6eb6e2660 17166->17167 17168 7ff6eb6e2683 MessageBoxA 17167->17168 17169 7ff6eb6e266f MessageBoxW 17167->17169 17170 7ff6eb6e2690 17168->17170 17169->17170 17171 7ff6eb6ec5c0 _log10_special 8 API calls 17170->17171 17172 7ff6eb6e26a0 17171->17172 17172->17100 17174 7ff6eb6f2cbe 17173->17174 17175 7ff6eb6f2cae 17173->17175 17176 7ff6eb6f2cc7 17174->17176 17181 7ff6eb6f2cf5 17174->17181 17179 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17175->17179 17177 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17176->17177 17178 7ff6eb6f2ced 17177->17178 17178->17144 17178->17146 17178->17147 17178->17148 17179->17178 17180 7ff6eb6f4830 45 API calls 17180->17181 17181->17175 17181->17178 17181->17180 17183 7ff6eb6f2fa4 17181->17183 17187 7ff6eb6f3610 17181->17187 17213 7ff6eb6f32d8 17181->17213 17243 7ff6eb6f2b60 17181->17243 17185 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17183->17185 17185->17175 17188 7ff6eb6f36c5 17187->17188 17189 7ff6eb6f3652 17187->17189 17192 7ff6eb6f371f 17188->17192 17193 7ff6eb6f36ca 17188->17193 
17190 7ff6eb6f36ef 17189->17190 17191 7ff6eb6f3658 17189->17191 17260 7ff6eb6f1bc0 17190->17260 17200 7ff6eb6f365d 17191->17200 17204 7ff6eb6f372e 17191->17204 17192->17190 17192->17204 17211 7ff6eb6f3688 17192->17211 17194 7ff6eb6f36ff 17193->17194 17195 7ff6eb6f36cc 17193->17195 17267 7ff6eb6f17b0 17194->17267 17197 7ff6eb6f366d 17195->17197 17203 7ff6eb6f36db 17195->17203 17212 7ff6eb6f375d 17197->17212 17246 7ff6eb6f3f74 17197->17246 17200->17197 17201 7ff6eb6f36a0 17200->17201 17200->17211 17201->17212 17256 7ff6eb6f4430 17201->17256 17203->17190 17206 7ff6eb6f36e0 17203->17206 17204->17212 17274 7ff6eb6f1fd0 17204->17274 17209 7ff6eb6f45c8 37 API calls 17206->17209 17206->17212 17207 7ff6eb6ec5c0 _log10_special 8 API calls 17208 7ff6eb6f39f3 17207->17208 17208->17181 17209->17211 17211->17212 17281 7ff6eb6fe8c8 17211->17281 17212->17207 17214 7ff6eb6f32e3 17213->17214 17215 7ff6eb6f32f9 17213->17215 17216 7ff6eb6f36c5 17214->17216 17217 7ff6eb6f3652 17214->17217 17219 7ff6eb6f3337 17214->17219 17218 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17215->17218 17215->17219 17222 7ff6eb6f371f 17216->17222 17223 7ff6eb6f36ca 17216->17223 17220 7ff6eb6f36ef 17217->17220 17221 7ff6eb6f3658 17217->17221 17218->17219 17219->17181 17226 7ff6eb6f1bc0 38 API calls 17220->17226 17230 7ff6eb6f365d 17221->17230 17232 7ff6eb6f372e 17221->17232 17222->17220 17222->17232 17241 7ff6eb6f3688 17222->17241 17224 7ff6eb6f36ff 17223->17224 17225 7ff6eb6f36cc 17223->17225 17228 7ff6eb6f17b0 38 API calls 17224->17228 17227 7ff6eb6f366d 17225->17227 17234 7ff6eb6f36db 17225->17234 17226->17241 17229 7ff6eb6f3f74 47 API calls 17227->17229 17242 7ff6eb6f375d 17227->17242 17228->17241 17229->17241 17230->17227 17231 7ff6eb6f36a0 17230->17231 17230->17241 17235 7ff6eb6f4430 47 API calls 17231->17235 17231->17242 17233 7ff6eb6f1fd0 38 API calls 17232->17233 17232->17242 17233->17241 17234->17220 17236 7ff6eb6f36e0 17234->17236 17235->17241 17239 7ff6eb6f45c8 37 API calls 17236->17239 
17236->17242 17237 7ff6eb6ec5c0 _log10_special 8 API calls 17238 7ff6eb6f39f3 17237->17238 17238->17181 17239->17241 17240 7ff6eb6fe8c8 47 API calls 17240->17241 17241->17240 17241->17242 17242->17237 17294 7ff6eb6f0d84 17243->17294 17247 7ff6eb6f3f96 17246->17247 17248 7ff6eb6f0bf0 12 API calls 17247->17248 17249 7ff6eb6f3fde 17248->17249 17250 7ff6eb6fe5e0 46 API calls 17249->17250 17251 7ff6eb6f40b1 17250->17251 17252 7ff6eb6f4830 45 API calls 17251->17252 17253 7ff6eb6f40d3 17251->17253 17252->17253 17254 7ff6eb6f4830 45 API calls 17253->17254 17255 7ff6eb6f415c 17253->17255 17254->17255 17255->17211 17257 7ff6eb6f4448 17256->17257 17259 7ff6eb6f44b0 17256->17259 17258 7ff6eb6fe8c8 47 API calls 17257->17258 17257->17259 17258->17259 17259->17211 17261 7ff6eb6f1bf3 17260->17261 17262 7ff6eb6f1c22 17261->17262 17264 7ff6eb6f1cdf 17261->17264 17263 7ff6eb6f0bf0 12 API calls 17262->17263 17266 7ff6eb6f1c5f 17262->17266 17263->17266 17265 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17264->17265 17265->17266 17266->17211 17268 7ff6eb6f17e3 17267->17268 17269 7ff6eb6f1812 17268->17269 17271 7ff6eb6f18cf 17268->17271 17270 7ff6eb6f0bf0 12 API calls 17269->17270 17273 7ff6eb6f184f 17269->17273 17270->17273 17272 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17271->17272 17272->17273 17273->17211 17275 7ff6eb6f2003 17274->17275 17276 7ff6eb6f2032 17275->17276 17279 7ff6eb6f20ef 17275->17279 17277 7ff6eb6f206f 17276->17277 17278 7ff6eb6f0bf0 12 API calls 17276->17278 17277->17211 17278->17277 17280 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17279->17280 17280->17277 17282 7ff6eb6fe8f0 17281->17282 17283 7ff6eb6fe935 17282->17283 17284 7ff6eb6fe8f5 __scrt_get_show_window_mode 17282->17284 17286 7ff6eb6f4830 45 API calls 17282->17286 17287 7ff6eb6fe91e __scrt_get_show_window_mode 17282->17287 17283->17284 17283->17287 17291 7ff6eb700858 17283->17291 17284->17211 17285 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17285->17284 17286->17283 
17287->17284 17287->17285 17293 7ff6eb70087c WideCharToMultiByte 17291->17293 17295 7ff6eb6f0db1 17294->17295 17297 7ff6eb6f0dc3 17294->17297 17296 7ff6eb6f4f78 _set_fmode 11 API calls 17295->17296 17299 7ff6eb6f0db6 17296->17299 17298 7ff6eb6f0dd0 17297->17298 17302 7ff6eb6f0e0d 17297->17302 17300 7ff6eb6fa884 _invalid_parameter_noinfo 37 API calls 17298->17300 17301 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17299->17301 17308 7ff6eb6f0dc1 17300->17308 17301->17308 17303 7ff6eb6f0eb6 17302->17303 17304 7ff6eb6f4f78 _set_fmode 11 API calls 17302->17304 17305 7ff6eb6f4f78 _set_fmode 11 API calls 17303->17305 17303->17308 17306 7ff6eb6f0eab 17304->17306 17307 7ff6eb6f0f60 17305->17307 17309 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17306->17309 17310 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17307->17310 17308->17181 17309->17303 17310->17308 17314 7ff6eb6fecad 17311->17314 17312 7ff6eb6fecb2 17313 7ff6eb6f4f78 _set_fmode 11 API calls 17312->17313 17317 7ff6eb6f524d 17312->17317 17319 7ff6eb6fecbc 17313->17319 17314->17312 17316 7ff6eb6fecfc 17314->17316 17314->17317 17315 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17315->17317 17316->17317 17318 7ff6eb6f4f78 _set_fmode 11 API calls 17316->17318 17317->17155 17317->17162 17318->17319 17319->17315 17321 7ff6eb6f82b5 17320->17321 17322 7ff6eb6f82c8 17320->17322 17323 7ff6eb6f4f78 _set_fmode 11 API calls 17321->17323 17330 7ff6eb6f7f2c 17322->17330 17325 7ff6eb6f82ba 17323->17325 17327 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17325->17327 17328 7ff6eb6f82c6 17327->17328 17328->16454 17337 7ff6eb700348 EnterCriticalSection 17330->17337 17339 7ff6eb6e8823 __std_exception_copy 17338->17339 17340 7ff6eb6e87a1 GetTokenInformation 17338->17340 17343 7ff6eb6e883c 17339->17343 17344 7ff6eb6e8836 CloseHandle 17339->17344 17341 7ff6eb6e87c2 GetLastError 17340->17341 17342 7ff6eb6e87cd 17340->17342 17341->17339 17341->17342 17342->17339 17345 7ff6eb6e87e9 GetTokenInformation 
17342->17345 17343->16459 17344->17343 17345->17339 17346 7ff6eb6e880c 17345->17346 17346->17339 17347 7ff6eb6e8816 ConvertSidToStringSidW 17346->17347 17347->17339 17349 7ff6eb6ec8c0 17348->17349 17350 7ff6eb6e2b74 GetCurrentProcessId 17349->17350 17351 7ff6eb6e26b0 48 API calls 17350->17351 17352 7ff6eb6e2bc7 17351->17352 17353 7ff6eb6f4c48 48 API calls 17352->17353 17354 7ff6eb6e2c10 MessageBoxW 17353->17354 17355 7ff6eb6ec5c0 _log10_special 8 API calls 17354->17355 17356 7ff6eb6e2c40 17355->17356 17356->16469 17358 7ff6eb6e25e5 17357->17358 17359 7ff6eb6f4c48 48 API calls 17358->17359 17360 7ff6eb6e2604 17359->17360 17360->16484 17396 7ff6eb6f8804 17361->17396 17365 7ff6eb6e81cc 17364->17365 17366 7ff6eb6e9400 2 API calls 17365->17366 17367 7ff6eb6e81eb 17366->17367 17368 7ff6eb6e81f3 17367->17368 17369 7ff6eb6e8206 ExpandEnvironmentStringsW 17367->17369 17371 7ff6eb6e2810 49 API calls 17368->17371 17370 7ff6eb6e822c __std_exception_copy 17369->17370 17372 7ff6eb6e8243 17370->17372 17373 7ff6eb6e8230 17370->17373 17395 7ff6eb6e81ff __std_exception_copy 17371->17395 17377 7ff6eb6e8251 GetDriveTypeW 17372->17377 17378 7ff6eb6e82af 17372->17378 17374 7ff6eb6e2810 49 API calls 17373->17374 17374->17395 17375 7ff6eb6ec5c0 _log10_special 8 API calls 17376 7ff6eb6e839f 17375->17376 17382 7ff6eb6e8285 17377->17382 17383 7ff6eb6e82a0 17377->17383 17534 7ff6eb6f7e78 17378->17534 17395->17375 17437 7ff6eb7015c8 17396->17437 17496 7ff6eb701340 17437->17496 17517 7ff6eb700348 EnterCriticalSection 17496->17517 17636 7ff6eb6e455a 17635->17636 17637 7ff6eb6e9400 2 API calls 17636->17637 17638 7ff6eb6e457f 17637->17638 17639 7ff6eb6ec5c0 _log10_special 8 API calls 17638->17639 17640 7ff6eb6e45a7 17639->17640 17640->16519 17642 7ff6eb6e7e1e 17641->17642 17643 7ff6eb6e7f42 17642->17643 17644 7ff6eb6e1c80 49 API calls 17642->17644 17645 7ff6eb6ec5c0 _log10_special 8 API calls 17643->17645 17649 7ff6eb6e7ea5 17644->17649 17646 7ff6eb6e7f73 17645->17646 17646->16519 17647 
7ff6eb6e1c80 49 API calls 17647->17649 17648 7ff6eb6e4550 10 API calls 17648->17649 17649->17643 17649->17647 17649->17648 17650 7ff6eb6e9400 2 API calls 17649->17650 17651 7ff6eb6e7f13 CreateDirectoryW 17650->17651 17651->17643 17651->17649 17653 7ff6eb6e1613 17652->17653 17654 7ff6eb6e1637 17652->17654 17773 7ff6eb6e1050 17653->17773 17656 7ff6eb6e45b0 108 API calls 17654->17656 17658 7ff6eb6e164b 17656->17658 17657 7ff6eb6e1618 17661 7ff6eb6e162e 17657->17661 17664 7ff6eb6e2710 54 API calls 17657->17664 17659 7ff6eb6e1653 17658->17659 17660 7ff6eb6e1682 17658->17660 17662 7ff6eb6f4f78 _set_fmode 11 API calls 17659->17662 17663 7ff6eb6e45b0 108 API calls 17660->17663 17661->16519 17665 7ff6eb6e1658 17662->17665 17666 7ff6eb6e1696 17663->17666 17664->17661 17667 7ff6eb6e2910 54 API calls 17665->17667 17668 7ff6eb6e169e 17666->17668 17669 7ff6eb6e16b8 17666->17669 17670 7ff6eb6e1671 17667->17670 17671 7ff6eb6e2710 54 API calls 17668->17671 17672 7ff6eb6f0744 73 API calls 17669->17672 17670->16519 17673 7ff6eb6e16ae 17671->17673 17674 7ff6eb6e16cd 17672->17674 17679 7ff6eb6f00bc 74 API calls 17673->17679 17675 7ff6eb6e16d1 17674->17675 17676 7ff6eb6e16f9 17674->17676 17680 7ff6eb6f4f78 _set_fmode 11 API calls 17675->17680 17677 7ff6eb6e16ff 17676->17677 17678 7ff6eb6e1717 17676->17678 17751 7ff6eb6e1210 17677->17751 17685 7ff6eb6e1739 17678->17685 17695 7ff6eb6e1761 17678->17695 17683 7ff6eb6e1829 17679->17683 17681 7ff6eb6e16d6 17680->17681 17683->16519 17701 7ff6eb6e717b 17700->17701 17703 7ff6eb6e7134 17700->17703 17701->16519 17703->17701 17837 7ff6eb6f5094 17703->17837 17705 7ff6eb6e4191 17704->17705 17706 7ff6eb6e44d0 49 API calls 17705->17706 17707 7ff6eb6e41cb 17706->17707 17708 7ff6eb6e44d0 49 API calls 17707->17708 17709 7ff6eb6e41db 17708->17709 17710 7ff6eb6e41fd 17709->17710 17711 7ff6eb6e422c 17709->17711 17868 7ff6eb6e4100 17710->17868 17713 7ff6eb6e4100 51 API calls 17711->17713 17714 7ff6eb6e422a 17713->17714 17715 7ff6eb6e428c 17714->17715 17716 
7ff6eb6e4257 17714->17716 17718 7ff6eb6e4100 51 API calls 17715->17718 17875 7ff6eb6e7ce0 17716->17875 17720 7ff6eb6e42b0 17718->17720 17749 7ff6eb6e1c80 49 API calls 17748->17749 17750 7ff6eb6e4464 17749->17750 17750->16519 17774 7ff6eb6e45b0 108 API calls 17773->17774 17775 7ff6eb6e108c 17774->17775 17776 7ff6eb6e1094 17775->17776 17777 7ff6eb6e10a9 17775->17777 17779 7ff6eb6e2710 54 API calls 17776->17779 17778 7ff6eb6f0744 73 API calls 17777->17778 17780 7ff6eb6e10bf 17778->17780 17785 7ff6eb6e10a4 __std_exception_copy 17779->17785 17781 7ff6eb6e10c3 17780->17781 17782 7ff6eb6e10e6 17780->17782 17783 7ff6eb6f4f78 _set_fmode 11 API calls 17781->17783 17787 7ff6eb6e1122 17782->17787 17788 7ff6eb6e10f7 17782->17788 17784 7ff6eb6e10c8 17783->17784 17786 7ff6eb6e2910 54 API calls 17784->17786 17785->17657 17794 7ff6eb6e10e1 __std_exception_copy 17786->17794 17789 7ff6eb6e1129 17787->17789 17798 7ff6eb6e113c 17787->17798 17790 7ff6eb6f4f78 _set_fmode 11 API calls 17788->17790 17791 7ff6eb6e1210 92 API calls 17789->17791 17792 7ff6eb6e1100 17790->17792 17791->17794 17795 7ff6eb6e2910 54 API calls 17792->17795 17793 7ff6eb6f00bc 74 API calls 17794->17793 17795->17794 17797 7ff6eb6f040c _fread_nolock 53 API calls 17797->17798 17798->17794 17798->17797 17800 7ff6eb6e11ed 17798->17800 17801 7ff6eb6f4f78 _set_fmode 11 API calls 17800->17801 17838 7ff6eb6f50a1 17837->17838 17839 7ff6eb6f50ce 17837->17839 17840 7ff6eb6f5058 17838->17840 17842 7ff6eb6f4f78 _set_fmode 11 API calls 17838->17842 17841 7ff6eb6f50f1 17839->17841 17844 7ff6eb6f510d 17839->17844 17840->17703 17843 7ff6eb6f4f78 _set_fmode 11 API calls 17841->17843 17845 7ff6eb6f50ab 17842->17845 17846 7ff6eb6f50f6 17843->17846 17852 7ff6eb6f4fbc 17844->17852 17848 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17845->17848 17849 7ff6eb6fa950 _invalid_parameter_noinfo 37 API calls 17846->17849 17850 7ff6eb6f50b6 17848->17850 17851 7ff6eb6f5101 17849->17851 17850->17703 17851->17703 17853 7ff6eb6f4fe0 17852->17853 
7ff6eb6fd66c _fread_nolock 12 API calls 19483->19485 19484->19483 19485->19487 19486 7ff6eb6f55e7 GetLastError 19489 7ff6eb6f4eec _fread_nolock 11 API calls 19486->19489 19487->19115 19487->19116 19488 7ff6eb6f5622 19488->19487 19492 7ff6eb6ff910 _fread_nolock MultiByteToWideChar 19488->19492 19493 7ff6eb6f55f4 19489->19493 19490->19486 19490->19488 19491 7ff6eb6f5615 19490->19491 19494 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19490->19494 19495 7ff6eb6fd66c _fread_nolock 12 API calls 19491->19495 19496 7ff6eb6f5666 19492->19496 19497 7ff6eb6f4f78 _set_fmode 11 API calls 19493->19497 19494->19491 19495->19488 19496->19486 19496->19487 19497->19487 19499 7ff6eb6f9295 19498->19499 19506 7ff6eb6f9291 19498->19506 19519 7ff6eb702aac GetEnvironmentStringsW 19499->19519 19502 7ff6eb6f92a2 19504 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19502->19504 19503 7ff6eb6f92ae 19526 7ff6eb6f93fc 19503->19526 19504->19506 19506->19143 19511 7ff6eb6f963c 19506->19511 19508 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19509 7ff6eb6f92d5 19508->19509 19510 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19509->19510 19510->19506 19512 7ff6eb6f9676 19511->19512 19513 7ff6eb6f965f 19511->19513 19512->19513 19514 7ff6eb6fec08 _set_fmode 11 API calls 19512->19514 19515 7ff6eb6f96ea 19512->19515 19516 7ff6eb6ff910 MultiByteToWideChar _fread_nolock 19512->19516 19518 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19512->19518 19513->19143 19514->19512 19517 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19515->19517 19516->19512 19517->19513 19518->19512 19520 7ff6eb6f929a 19519->19520 19521 7ff6eb702ad0 19519->19521 19520->19502 19520->19503 19522 7ff6eb6fd66c _fread_nolock 12 API calls 19521->19522 19523 7ff6eb702b07 memcpy_s 19522->19523 19524 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19523->19524 19525 7ff6eb702b27 FreeEnvironmentStringsW 19524->19525 19525->19520 19527 7ff6eb6f9424 19526->19527 19528 7ff6eb6fec08 _set_fmode 11 API calls 19527->19528 19529 7ff6eb6f945f 19528->19529 19531 
7ff6eb6f94e1 19529->19531 19534 7ff6eb6fec08 _set_fmode 11 API calls 19529->19534 19535 7ff6eb6f94d0 19529->19535 19537 7ff6eb7004e4 37 API calls 19529->19537 19540 7ff6eb6f9504 19529->19540 19541 7ff6eb6f9467 19529->19541 19543 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19529->19543 19530 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19532 7ff6eb6f92b6 19530->19532 19533 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19531->19533 19532->19508 19533->19532 19534->19529 19536 7ff6eb6f9518 11 API calls 19535->19536 19538 7ff6eb6f94d8 19536->19538 19537->19529 19539 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 19538->19539 19539->19541 19542 7ff6eb6fa970 _isindst 17 API calls 19540->19542 19541->19530 19544 7ff6eb6f9516 19542->19544 19543->19529 19547 7ff6eb708ba1 __crtLCMapStringW 19545->19547 19546 7ff6eb70715e 19546->19170 19546->19171 19547->19546 19548 7ff6eb6fefd8 6 API calls 19547->19548 19548->19546

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                  • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                  • API String ID: 3832162212-3165540532
                                                                                                                                                                                                  • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction ID: dbe696ff4376f6341c846e7cb31777324999363679d5887d256e57e9b00ccf71
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3D17133A08A8286EB108F34E8543AD7764FB88B58F500236DA5D83BB4EF3ED654D745

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                  • API String ID: 2776309574-4232158417
                                                                                                                                                                                                  • Opcode ID: 44b6149e1a44f815cbaf6e2375de99b2dfa5e961a20aa3e5c6a8e77e9d9f5974
                                                                                                                                                                                                  • Instruction ID: 65bdf0939717f0752713721a85a840b514ca4da58ccfa60d6c9b12361e06670d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44b6149e1a44f815cbaf6e2375de99b2dfa5e961a20aa3e5c6a8e77e9d9f5974
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2232A123A0C68251FB26DB25D9543BD2761AF4C780F844032DA5DC76F6EF2EE654E30A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705CB5
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70561C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6EB6FA94F,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FA979
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6EB6FA94F,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FA99E
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705CA4
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F1A
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F2B
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F3C
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6EB70617C), ref: 00007FF6EB705F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                                  • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                  • Instruction ID: 6014df573c36a118b3b8160d84f56aaf9fcf8f3341c4914f45f8c803902eb1d7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93D1C223A2824249EF209F21D4903B96761FF4C784F558136EA4DC7EB5EE3FE461874A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction ID: 9c4aa14a5043806b8f80df848a5e8f0c1c6dd2b1e426d798bf6a000a8dd8db52
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DC1BF37B28A4185EF10CFA5C4A02AC3761E749B98F115226DE2E97BF4DF3AE161D305

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E841B
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E849E
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84BD
                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84CB
                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84DC
                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                  • API String ID: 1057558799-766152087
                                                                                                                                                                                                  • Opcode ID: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                  • Instruction ID: efe4d73ea2d587f4f691179c16584c0f5e66593142a59d703d523894e9335561
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80418323A0C642C5EE219B54E8547BD6360FB9C750F400232D55DC6AB4EF3ED7499716

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F1A
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F2B
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70561C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F3C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70564C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6EB70617C), ref: 00007FF6EB705F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                  • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                  • Instruction ID: 16d4e499768db0ae1114fca955ad79f3a46a0d810765dc12a4538906a94caad0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E751A233A1864286EB10DF21D9916B96760FB4C784F454136EA4DC3EB6EF3FE520874A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction ID: a995e34b6a284595fcce01f76d9287d014a473d902608b87e22392cc776caea5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF06833A1874186FB608B60B85976A7350EF8C764F440335D96D42AF4DF3DD1599B05
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1010374628-0
                                                                                                                                                                                                  • Opcode ID: 2d471da97334de2acf0262392bad6ca7d41a72817533bf8b70dbf69db73f0db4
                                                                                                                                                                                                  • Instruction ID: b74af04198d0e23c35f0583382d1f222b42b029df44f3b9d3acd764fe3516f0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d471da97334de2acf0262392bad6ca7d41a72817533bf8b70dbf69db73f0db4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC02C023A1D64B40FE51AB11A4013792692AF0DBA0F594636DE5DC7BF1EE3FF420930A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E7F80: _fread_nolock.LIBCMT ref: 00007FF6EB6E802A
                                                                                                                                                                                                  • _fread_nolock.LIBCMT ref: 00007FF6EB6E1A1B
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6EB6E1B6A), ref: 00007FF6EB6E295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2397952137-3497178890
                                                                                                                                                                                                  • Opcode ID: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                  • Instruction ID: dab127ce722ccb2c26020e5d95131d5306677fe2b5b25622ff9f41af61607bb9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29819273A0C68685EB20DB15D4503BD23A0EF4CB84F544032DA4DC7BB5EE3EE685A74A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-1550345328
                                                                                                                                                                                                  • Opcode ID: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                  • Instruction ID: 46eb57372a77ca9235dd435c4e1cb2ee77d54e5a5370af46a6b778885e897826
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7951A023B0864392EE109B1198103AA6361BF4CB94F544132EE0C87BF5EF3FE655E74A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E88F4
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E88FA
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E893C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8A20: GetEnvironmentVariableW.KERNEL32(00007FF6EB6E388E), ref: 00007FF6EB6E8A57
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6EB6E8A79
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6F82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB6F82C1
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2810: MessageBoxW.USER32 ref: 00007FF6EB6E28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                  • API String ID: 3563477958-1339014028
                                                                                                                                                                                                  • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction ID: 4b198afc1ceaf27a212a5ee6ced393448c775d6b9753c89eb5f82b01baa6273b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD418213A1964384EA21AB25AC553BE1391AF8D780F504131ED0DD7BF6EE3EE605E30A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-2813020118
                                                                                                                                                                                                  • Opcode ID: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                  • Instruction ID: a37595e9339618c5ffbd16f87bea5985aa402c7ceaaefafccb6dc1aa5cfe9b35
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1510523A0864285EA209F11A8103BE63A1FF8C794F544131ED4DC7BF5EE3EE645E706

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6EB6FF11A,?,?,-00000018,00007FF6EB6FADC3,?,?,?,00007FF6EB6FACBA,?,?,?,00007FF6EB6F5FAE), ref: 00007FF6EB6FEEFC
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6EB6FF11A,?,?,-00000018,00007FF6EB6FADC3,?,?,?,00007FF6EB6FACBA,?,?,?,00007FF6EB6F5FAE), ref: 00007FF6EB6FEF08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                  • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction ID: 32770b9436bd2a6956cbe1562d8c664e623bed86402573b32ab7ee4cc26ae7fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E412323B19A0241FA15CF16B8107752B92BF4CB90FA94539DD1DC7BB4EE3EE904930A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF6EB6E3804), ref: 00007FF6EB6E36E1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E3804), ref: 00007FF6EB6E36EB
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2C9E
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2D63
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: MessageBoxW.USER32 ref: 00007FF6EB6E2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                  • API String ID: 3187769757-2863816727
                                                                                                                                                                                                  • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction ID: 46265f618b0c3957feb2741e9c3188942ef334cd47395bf4fdda2e9a286175b5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3213063B1864291FE219720EC553BA2361BF8C354F804232E55DC66F5FE2EE609D70E

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                  • Instruction ID: f1d69c51edbabb22e75b5d5188142adebccc781bf2976b9ca063be4fb6d56449
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81C1D423A1C68681E7609F1594403BD7B61EB89BC0F794131EA4E837F1CF7EE855970A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                  • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction ID: 90b4420b6f5a35834c78719cfa94eb4468e297636807ef698507c7fabdfd8268
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD215E33A1C64282EB109B55B89433EA7A0FF897A0F100235EAADC3BF4DE6ED554C705

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetCurrentProcess.KERNEL32 ref: 00007FF6EB6E8780
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: OpenProcessToken.ADVAPI32 ref: 00007FF6EB6E8793
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetTokenInformation.KERNELBASE ref: 00007FF6EB6E87B8
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetLastError.KERNEL32 ref: 00007FF6EB6E87C2
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetTokenInformation.KERNELBASE ref: 00007FF6EB6E8802
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6EB6E881E
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: CloseHandle.KERNELBASE ref: 00007FF6EB6E8836
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF6EB6E3C55), ref: 00007FF6EB6E916C
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF6EB6E3C55), ref: 00007FF6EB6E9175
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                  • Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                  • Instruction ID: 6c305aad829b145cd751171a340da23c38f0d3b8c4b948560f15a9f987788d99
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37214F32A1874281EB10AB10E9153EE6361EF8C780F444036EA4D93BB6DF3EEA559746
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6EB6E352C,?,00000000,00007FF6EB6E3F23), ref: 00007FF6EB6E7F22
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                  • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                  • Instruction ID: 319b2bb2b50d411cea74c1a3c28c31a6812fe793d759ddc26c0fbf84273cd098
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B631D833619AC145EA218721A8507BE6354EF8CBE4F041231EE6D8BBE9EE2DD7059705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6FCFBB), ref: 00007FF6EB6FD0EC
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6FCFBB), ref: 00007FF6EB6FD177
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                  • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction ID: a1b538c4b22225fbc2996a9dcb849cfcde41c6d4d421ac77716eb8cd02873799
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41910673F1865295F750DF6594403BD2BA0BB48B88F244139DE0EA3AA5DF3EE442E706
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                  • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction ID: 995ea29b1851e48c0781738dfc51035fe9a2235ed665eac8de02f970be4343fa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14510873F091128AFB24DF6499917BC37A1AB58398F600136DE1ED3AF5DF3AA4018705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                  • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction ID: 8788d106c49c7f772e7c8b2985b0d60882650d140030c854f5280a0043a22838
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0519C23E086818AFB14DFB1D4503BD27A1FB48B98F244435DE0D97AA8DF39D951D706
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                  • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                  • Instruction ID: cd2f1c40fd28773b8491bc382a644c195a4105b2773c10c72e77d626fce2d7dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A241C623D1878183E7109F2095503796760FB98758F208335E65C83AF1DF7DA5E09745
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                  • Instruction ID: 9c15a311a10ae226a1110e00dbd5b09ebfb08dcceafb1a48b3f4d4aabec50044
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6315723E0920345EA14AB6498223BD2792AF49384F445435E90DCB6F3DE2FF705E74B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  • Opcode ID: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                  • Instruction ID: 1a40a6e2e3e581fcc9e08905cb163ebe4ed556f25e08c717daf5f49ade949351
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24D06C22B0864642EA182F7058A93781B52AF8CB45F241439C80B867F3ED2FE959930A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                  • Instruction ID: 8b6538c38f17ddfc8acd982dabb06415738a4e875d8c161624c02868f5ab74fb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A351E763B0924386EF299E65940077A6391BF4CBA4F344734DE6C837E5CF3EE401A61A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                  • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction ID: ae4368f8e5423bf0fca9b887d80b91db67cce29496d108258a9e20408392643a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD110462608A4181DA108B25A8102696361FB49BF0F640331EE7D8BBF8CF3DD0118705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6F58A9), ref: 00007FF6EB6F59C7
                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6F58A9), ref: 00007FF6EB6F59DD
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                  • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction ID: bd29f92115eb1813b16d6b9556add2471e6c3da9e2c4a02ccbc48961f02ee073
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA11913361C65282EA548F11A45123AB760FB88775F600236FAADC1AF8EF2ED524DB05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF6EB6FAA45,?,?,00000000,00007FF6EB6FAAFA), ref: 00007FF6EB6FAC36
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6FAA45,?,?,00000000,00007FF6EB6FAAFA), ref: 00007FF6EB6FAC40
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF6EB6F0D00,?,?,?,00007FF6EB6F236A,?,?,?,?,?,00007FF6EB6F3B59), ref: 00007FF6EB6FD6AA
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5830
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5842
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5879
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E588B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58A4
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58B6
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58CF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58E1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58FD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E590F
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E592B
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E593D
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5959
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E596B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5987
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5999
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E59B5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E59C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                  • API String ID: 199729137-653951865
                                                                                                                                                                                                  • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction ID: 0ee4d0ba61533fe5376e195a6e766eb6b070652b561e4b1ca2d00b46566a604b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F022846690DB0791FE159B65ACA437823A4BF0C745F445036C81E82BB0FF3FB669930A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                  • API String ID: 808467561-2761157908
                                                                                                                                                                                                  • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction ID: 4e816f0f78cc855be3255cc5b19bdd173f2305e9d79897dbd6d2c36e36a072d4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63B2C573A182828BEB248E64D4407FD77B1FB58348F505136DA0D97EB4EF3BAA508B45
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                  • API String ID: 0-2665694366
                                                                                                                                                                                                  • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction ID: 36912a4e4926b9136bce37d2e4dd21b1bc41f9d1ec41188b926d137aac41c5ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33522673A146A68BD7948F14C898B7E3BA9FB48300F054139E64AC7790DF3EEA44DB45
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction ID: e3e305e2fb8781eedd337a9be3a449faef94a6a6220ea94c158b30ebabe64d4a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F315073608B818AEB608F60E8903EE7360FB88744F04403ADB4D97BA4EF79D659C715
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction ID: 0a39659bfaf87afc2c860291ea44d931dcf952212375d9d039cb2ab6702e19e3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6317E37608B8186DB20CF24E8407AE77A4FB88754F540136EA8D83BB8EF3DD2558B05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                  • Instruction ID: c25617bd5ae4a624b3fcfa98f5e158b31b2e56bde95753b8a047c986badadce4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8B1A163B1868241EE619B6294103BA63A1EB48BE4F544132FA5D87FF5FF3EE451C306
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction ID: fcbb76bfa5138d37d9f257d9b654a3fb0ffe3e3aa90902b9caa3e4703497c118
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F114C32B14B058AEF00CB60E8553A933A4FB1D758F040E31DA2D86BB4EF39D2698345
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                  • API String ID: 0-1127688429
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                  • API String ID: 0-227171996
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                  • API String ID: 0-900081337
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: TMP
                                                                                                                                                                                                  • API String ID: 3215553584-3125297090
                                                                                                                                                                                                  • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                  • Instruction ID: fde102b85b6e4822ebd764f692ad89f3b679ceab2fda92eba686b842abcb70ad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB51C303F1824281FA65AF26590137A5391AF8CBC4F684175DE1EC7BF6EE3EE411630A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                  • Instruction ID: 6d09bc7f591b3178763c0bf9a9f2a0cc1d31095ff256fca2e27038f50437bd9e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBB09221E17A02C6EE082B216C8232822A47F4C701F990139C40CC1730EE2E22F65706
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction ID: 1513bbe8f91aba9522f33f5a5af01cf3eb715860966bd45c0d3a938451b2d9c7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90D1A163A0864285EB688F29825037D27A0EF49B48F344235CE1D877B5DF3FE845E74A
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction ID: a8ef2783178bc9668db182f7c76993f1710e72b157b0a0f16665bf94ef3d94c1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DC1AE722181E08BD289EB29E87947A73D1FB8930DB95406BEF87477C5CB3CA514EB11
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction ID: 5d8743717a632f7de7ba8eb20ad665ff417b4c52e89921249abd52afb76a43f5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FB16C73A1978586E7658F29C05037C3BA0F749B48F384135EA5E873A5CF3AD441EB4A
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                  • Instruction ID: c980afe640cc70007bb69946ca4099c53f10117868287d302a98362baf649129
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF81B173A0C78186EB74CF19E44037A6B91FB49794F244235DA9D87BA9DE3EE4009B06
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction ID: fb2a899f0e468975887795bd67abe4a9adab21c65fb0430a1341253505bebcf5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F761EC23E0C19246FF648AA8846433D6680AF49760F14423AD71EC7EF5FE7FE810A706
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  • Opcode ID: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                  • Instruction ID: c7e8ada998d60e1196cf9fa28a3c40989c3174f6db2ee327865563ba767454cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C641B133714A5582EF04CF6AEA24269A3A1FB4CFD4B199436EE0DD7B64DE3ED4418305
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
                                                                                                                                                                                                  • Instruction ID: 15fdfb5c2fa720768902adc6196334c5d6e69df92997e04269f8017c9026dc4c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9131B433B18B4281EB65DF25644023E6695BB89BD0F244239EA5DA3BF5DF3DE0119309
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: bcf48121633763fd2f6aa1741893fa818c421e56c797f7e3558f0bc07bbc94c0
                                                                                                                                                                                                  • Instruction ID: b62fc41b7d2cc968557daf9d35893c8582e6f47f783949a2a17caa7b61649ae4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcf48121633763fd2f6aa1741893fa818c421e56c797f7e3558f0bc07bbc94c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6F044B27182558ADB988F69A40262977D0F708380F408439D58DC3E34DE3D95618F09
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: e6acc2ec838af36dd9636ef9e1d94249ffac8b7a33868b0b47a68aa66541c0b8
                                                                                                                                                                                                  • Instruction ID: 0b720f1ec06fcb1ca0d2aa1607b1c6f48a316a3c11f9dec4a4e593377f6b93d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6acc2ec838af36dd9636ef9e1d94249ffac8b7a33868b0b47a68aa66541c0b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAA0022390CC0AD0EA448B00ECA02392730FB5D300B401072E00DD15B4AF3FA711E30A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                  • API String ID: 199729137-3427451314
                                                                                                                                                                                                  • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction ID: 9ec8ebcf2ffedcff3a68da43fcb0268368e2adae4ee533450d1abb470a878fa7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4502C56290DB07D0EE159B54ACA07B92761BF0C754F801032D92E86B74FF3FB668931A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6EB6E45E4,00000000,00007FF6EB6E1985), ref: 00007FF6EB6E9439
                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6EB6E88A7,?,?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E821C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2810: MessageBoxW.USER32 ref: 00007FF6EB6E28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                  • API String ID: 1662231829-930877121
                                                                                                                                                                                                  • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                  • Instruction ID: fa6a6cb18a39170a3b8dbfdea48a8a5072ab2b2062bc9e86a9cf5d3e6635c9d0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1351B413A1C64285FB519B24EC513BE6351BF9C780F444032EA0EC6AF5FE2EE605934A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                  • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2C9E
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2D63
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6EB6E2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDBD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDCB
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDF5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDE63
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDE6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6EB6E351A,?,00000000,00007FF6EB6E3F23), ref: 00007FF6EB6E2AA0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E8592
                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E85E9
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6EB6E45E4,00000000,00007FF6EB6E1985), ref: 00007FF6EB6E9439
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E8678
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E86E4
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E86F5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E870A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3462794448-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB347
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB37D
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3AA
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3BB
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3CC
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3E7
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6EB6E1B6A), ref: 00007FF6EB6E295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 2050909247-2962405886
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6EB6E918F,?,00007FF6EB6E3C55), ref: 00007FF6EB6E2BA0
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6EB6E2C2A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentMessageProcess
                                                                                                                                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 1672936522-3797743490
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6EB6E1B99), ref: 00007FF6EB6E2760
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-1591803126
                                                                                                                                                                                                  • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                  • Instruction ID: 77b87ed1b0d20e880baf8943812204ec162427207ed722d059a5af487d0c9c43
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68219F73A1878192EA20DB50B8817EA67A4FB8C784F400132FA8C83B69DF3DD6599705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                  • Instruction ID: 1f881bb78b1b7a15414a404584a443bb1a51c93a4742df6ed4f432986b5122d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF0C232B0870681EF108B24E4A433A5320EF4D7A1F540236C66E86AF4DF2FE158D709
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction ID: eeef7d6691ee3f30502df96db1c66932442b4fb160b368151ae418d15a4e07d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4116D73E5CA1201FE54112CD45637624546F5D374E040636FAAE86AF6AE2FAD61430F
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB41F
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB43E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB466
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB477
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB488
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 3cf0457813ef902b4d16e29671bd05b92734aec0d3ae5f0b4a86182189680110
                                                                                                                                                                                                  • Instruction ID: 78d88810d5d1380cdd439fa9a256815443de910b71fa3d554db0cda106c997b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cf0457813ef902b4d16e29671bd05b92734aec0d3ae5f0b4a86182189680110
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C116023E0960241FA589F21666137953565F4C7B0F2C8334E97DC6AFADE2EE401A70A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 58ce09dd5263def6ec13d4cefdd98fc26a3f0444d111e578bd11d526dfe727f7
                                                                                                                                                                                                  • Instruction ID: 29164dbb3ae6da730c95194c830f1dbb6b815dc106783981693e491baec92213
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58ce09dd5263def6ec13d4cefdd98fc26a3f0444d111e578bd11d526dfe727f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE112A23E4920741F9586A21546237D13525F4D370F6C4734D93ECA6F2DD2EB402735B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                  • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                  • Instruction ID: 5335feb5b1db327f02bedd203370899db5c865756d8e3ea79834ca855dec3ff1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C991C133A08A4685F7618EA8D45137D37A1BB48B94F644236DA5EC33E5DF3EE405E30A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
Memory Dump Source
• Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Similarity
• API ID: Message
• String ID: ERROR$Error$[PYI-%d:%ls]
• API String ID: 2030045667-255084403
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
• API String ID: 2718003287-0
Similarity
• API ID: LongWindow$DialogInvalidateRect
• String ID:
• API String ID: 1956198572-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                  • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                  • Instruction ID: 8b545a5c830b09c614cf13510ea734615d7222cd0fb863721a4b6ef90f097fc3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62412723A2828246FF249B25D48137A57A0EB98BA4F144236EF5C87EF5EE3FD451C705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB6F90B6
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6EB6ECC15), ref: 00007FF6EB6F90D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                  • API String ID: 3580290477-73785354
                                                                                                                                                                                                  • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                  • Instruction ID: 995b60b9810a180056fc38fb799e2e0a667cdd35e4c74478521aaec5d6106e1b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9041A233A0CB0285EB14DF25A8402BC27A5EF4C7C4B654035EA4D83BB5DF3EE491974A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction ID: 8987cfdd2d186d2c5ed040816286de8535d9e03e600ffcea8f83c79dbf0ff1f2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D41A233B19A4581DB208F25E8443AEAB65FB88794F944031EE4DC7BA8EF3DD501D745
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                  • Opcode ID: 3c906c99ff6b46cc0de181ba7a1caf37579b2c2fe8814107475e6c290f9e88a5
                                                                                                                                                                                                  • Instruction ID: bbde267ec243dd0fca6223d253e8cd83c5e8976ceb58e3f6aadd5b9548bb1680
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c906c99ff6b46cc0de181ba7a1caf37579b2c2fe8814107475e6c290f9e88a5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1621D563A0828182EB209F11D45436D63B1FB8CB44FA58035D68C836B4DF7EE5458B46
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction ID: 90aca090ba7d65baea049ad3de81b0c5af0099de195bf11f76fe52d1c689622f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16111C33619B8182EB618F15F8402597BE4FB88B84F584231DACD47B65EF3ED6518B04
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2500701526.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500667170.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500749547.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500787695.00007FF6EB722000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2500858435.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                  • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction ID: 129fa04c7b08868fb20fe59c395c4a4259d36625c479b5afb26efe2458d55c02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E01712391C24785FF209F60946537E23A0EF4C758F941036D54DC6AB1EF3EE5148B1A

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:1.5%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:7.4%
                                                                                                                                                                                                  Total number of Nodes:1015
                                                                                                                                                                                                  Total number of Limit Nodes:60
114952 7ff6eb6eccc8 __scrt_acquire_startup_lock 114954 7ff6eb6ece02 114952->114954 114959 7ff6eb6ecce6 __scrt_release_startup_lock 114952->114959 115119 7ff6eb6ed19c 7 API calls 2 library calls 114954->115119 114956 7ff6eb6ecd0b 114957 7ff6eb6ece0d __CxxCallCatchBlock 114958 7ff6eb6ecd91 114975 7ff6eb6ed2e4 114958->114975 114959->114956 114959->114958 115115 7ff6eb6f9b9c 45 API calls 114959->115115 114961 7ff6eb6ecd96 114978 7ff6eb6e1000 114961->114978 114966 7ff6eb6ecdb9 114966->114957 115117 7ff6eb6ed000 7 API calls 114966->115117 114968 7ff6eb6ecdd0 114968->114956 114970 7ff6eb6ece84 114969->114970 114971 7ff6eb6ece90 __scrt_dllmain_crt_thread_attach 114970->114971 114972 7ff6eb6eccc0 114971->114972 114973 7ff6eb6ece9d 114971->114973 114972->114951 114972->114952 114973->114972 115120 7ff6eb6ed8f8 7 API calls 2 library calls 114973->115120 115121 7ff6eb70a540 114975->115121 114979 7ff6eb6e1009 114978->114979 115123 7ff6eb6f54f4 114979->115123 114981 7ff6eb6e37fb 115130 7ff6eb6e36b0 114981->115130 114987 7ff6eb6e391b 115238 7ff6eb6e45b0 114987->115238 114988 7ff6eb6e383c 115233 7ff6eb6e1c80 114988->115233 114992 7ff6eb6e385b 115202 7ff6eb6e8a20 114992->115202 114995 7ff6eb6e396a 115261 7ff6eb6e2710 54 API calls _log10_special 114995->115261 114997 7ff6eb6e388e 115006 7ff6eb6e38bb __std_exception_destroy 114997->115006 115237 7ff6eb6e8b90 40 API calls __std_exception_destroy 114997->115237 114999 7ff6eb6e395d 115000 7ff6eb6e3962 114999->115000 115001 7ff6eb6e3984 114999->115001 115257 7ff6eb6f00bc 115000->115257 115003 7ff6eb6e1c80 49 API calls 115001->115003 115005 7ff6eb6e39a3 115003->115005 115011 7ff6eb6e1950 115 API calls 115005->115011 115007 7ff6eb6e8a20 14 API calls 115006->115007 115014 7ff6eb6e38de __std_exception_destroy 115006->115014 115007->115014 115009 7ff6eb6e3a0b 115264 7ff6eb6e8b90 40 API calls __std_exception_destroy 115009->115264 115013 7ff6eb6e39ce 115011->115013 115012 7ff6eb6e3a17 115265 7ff6eb6e8b90 40 API calls __std_exception_destroy 
115012->115265 115013->114992 115016 7ff6eb6e39de 115013->115016 115020 7ff6eb6e390e __std_exception_destroy 115014->115020 115263 7ff6eb6e8b30 40 API calls __std_exception_destroy 115014->115263 115262 7ff6eb6e2710 54 API calls _log10_special 115016->115262 115017 7ff6eb6e3a23 115266 7ff6eb6e8b90 40 API calls __std_exception_destroy 115017->115266 115021 7ff6eb6e8a20 14 API calls 115020->115021 115022 7ff6eb6e3a3b 115021->115022 115023 7ff6eb6e3a60 __std_exception_destroy 115022->115023 115024 7ff6eb6e3b2f 115022->115024 115037 7ff6eb6e3aab 115023->115037 115267 7ff6eb6e8b30 40 API calls __std_exception_destroy 115023->115267 115268 7ff6eb6e2710 54 API calls _log10_special 115024->115268 115027 7ff6eb6e8a20 14 API calls 115028 7ff6eb6e3bf4 __std_exception_destroy 115027->115028 115029 7ff6eb6e3d41 115028->115029 115030 7ff6eb6e3c46 115028->115030 115282 7ff6eb6e44d0 49 API calls 115029->115282 115031 7ff6eb6e3cd4 115030->115031 115032 7ff6eb6e3c50 115030->115032 115035 7ff6eb6e8a20 14 API calls 115031->115035 115269 7ff6eb6e90e0 59 API calls _log10_special 115032->115269 115039 7ff6eb6e3ce0 115035->115039 115036 7ff6eb6e3d4f 115040 7ff6eb6e3d65 115036->115040 115041 7ff6eb6e3d71 115036->115041 115037->115027 115038 7ff6eb6e3c55 115042 7ff6eb6e3cb3 115038->115042 115043 7ff6eb6e3c61 115038->115043 115039->115043 115046 7ff6eb6e3ced 115039->115046 115283 7ff6eb6e4620 115040->115283 115045 7ff6eb6e1c80 49 API calls 115041->115045 115280 7ff6eb6e8850 86 API calls 2 library calls 115042->115280 115270 7ff6eb6e2710 54 API calls _log10_special 115043->115270 115057 7ff6eb6e3d2b __std_exception_destroy 115045->115057 115049 7ff6eb6e1c80 49 API calls 115046->115049 115052 7ff6eb6e3d0b 115049->115052 115050 7ff6eb6e3dc4 115215 7ff6eb6e9400 115050->115215 115051 7ff6eb6e3cbb 115054 7ff6eb6e3cbf 115051->115054 115055 7ff6eb6e3cc8 115051->115055 115056 7ff6eb6e3d12 115052->115056 115052->115057 115054->115043 115055->115057 115281 7ff6eb6e2710 54 API calls _log10_special 
115056->115281 115057->115050 115058 7ff6eb6e3da7 SetDllDirectoryW LoadLibraryExW 115057->115058 115058->115050 115059 7ff6eb6e3dd7 SetDllDirectoryW 115062 7ff6eb6e3e0a 115059->115062 115065 7ff6eb6e3e5a 115059->115065 115064 7ff6eb6e8a20 14 API calls 115062->115064 115063 7ff6eb6e3808 __std_exception_destroy 115271 7ff6eb6ec5c0 115063->115271 115074 7ff6eb6e3e16 __std_exception_destroy 115064->115074 115066 7ff6eb6e3ffc 115065->115066 115069 7ff6eb6e3f1b 115065->115069 115067 7ff6eb6e4006 PostMessageW GetMessageW 115066->115067 115068 7ff6eb6e4029 115066->115068 115067->115068 115220 7ff6eb6e3360 115068->115220 115294 7ff6eb6e33c0 121 API calls 2 library calls 115069->115294 115071 7ff6eb6e3f23 115071->115063 115072 7ff6eb6e3f2b 115071->115072 115295 7ff6eb6e90c0 LocalFree 115072->115295 115077 7ff6eb6e3ef2 115074->115077 115081 7ff6eb6e3e4e 115074->115081 115293 7ff6eb6e8b30 40 API calls __std_exception_destroy 115077->115293 115081->115065 115286 7ff6eb6e6db0 54 API calls _get_daylight 115081->115286 115089 7ff6eb6e404f 115090 7ff6eb6e3e6c 115287 7ff6eb6e7330 117 API calls 2 library calls 115090->115287 115094 7ff6eb6e3e81 115097 7ff6eb6e3ea2 115094->115097 115110 7ff6eb6e3e85 115094->115110 115288 7ff6eb6e6df0 120 API calls _log10_special 115094->115288 115097->115110 115289 7ff6eb6e71a0 125 API calls 115097->115289 115101 7ff6eb6e3ee0 115292 7ff6eb6e6fb0 FreeLibrary 115101->115292 115102 7ff6eb6e3eb7 115102->115110 115290 7ff6eb6e74e0 55 API calls 115102->115290 115110->115065 115291 7ff6eb6e2a50 54 API calls _log10_special 115110->115291 115115->114958 115116 7ff6eb6ed328 GetModuleHandleW 115116->114966 115117->114968 115118->114954 115119->114957 115120->114972 115122 7ff6eb6ed2fb GetStartupInfoW 115121->115122 115122->114961 115124 7ff6eb6ff4f0 115123->115124 115126 7ff6eb6ff596 115124->115126 115127 7ff6eb6ff543 115124->115127 115298 7ff6eb6ff3c8 71 API calls _fread_nolock 115126->115298 115297 7ff6eb6fa884 37 API calls 2 library calls 115127->115297 
115129 7ff6eb6ff56c 115129->114981 115299 7ff6eb6ec8c0 115130->115299 115133 7ff6eb6e3710 115301 7ff6eb6e92f0 FindFirstFileExW 115133->115301 115134 7ff6eb6e36eb GetLastError 115306 7ff6eb6e2c50 51 API calls _log10_special 115134->115306 115137 7ff6eb6e3706 115142 7ff6eb6ec5c0 _log10_special 8 API calls 115137->115142 115139 7ff6eb6e3723 115307 7ff6eb6e9370 CreateFileW GetFinalPathNameByHandleW CloseHandle 115139->115307 115140 7ff6eb6e377d 115309 7ff6eb6e94b0 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 115140->115309 115145 7ff6eb6e37b5 115142->115145 115144 7ff6eb6e378b 115144->115137 115310 7ff6eb6e2810 49 API calls _log10_special 115144->115310 115145->115063 115152 7ff6eb6e1950 115145->115152 115146 7ff6eb6e3730 115147 7ff6eb6e3734 115146->115147 115148 7ff6eb6e374c __vcrt_InitializeCriticalSectionEx 115146->115148 115308 7ff6eb6e2810 49 API calls _log10_special 115147->115308 115148->115140 115151 7ff6eb6e3745 115151->115137 115153 7ff6eb6e45b0 108 API calls 115152->115153 115154 7ff6eb6e1985 115153->115154 115155 7ff6eb6e1c43 115154->115155 115157 7ff6eb6e7f80 83 API calls 115154->115157 115156 7ff6eb6ec5c0 _log10_special 8 API calls 115155->115156 115158 7ff6eb6e1c5e 115156->115158 115159 7ff6eb6e19cb 115157->115159 115158->114987 115158->114988 115201 7ff6eb6e1a03 115159->115201 115311 7ff6eb6f0744 115159->115311 115161 7ff6eb6f00bc 74 API calls 115161->115155 115162 7ff6eb6e19e5 115163 7ff6eb6e19e9 115162->115163 115164 7ff6eb6e1a08 115162->115164 115318 7ff6eb6f4f78 11 API calls _get_daylight 115163->115318 115315 7ff6eb6f040c 115164->115315 115167 7ff6eb6e19ee 115319 7ff6eb6e2910 54 API calls _log10_special 115167->115319 115170 7ff6eb6e1a45 115175 7ff6eb6e1a7b 115170->115175 115176 7ff6eb6e1a5c 115170->115176 115171 7ff6eb6e1a26 115320 7ff6eb6f4f78 11 API calls _get_daylight 115171->115320 115173 7ff6eb6e1a2b 115321 7ff6eb6e2910 54 API calls _log10_special 115173->115321 115177 7ff6eb6e1c80 49 API calls 115175->115177 115322 
7ff6eb6f4f78 11 API calls _get_daylight 115176->115322 115180 7ff6eb6e1a92 115177->115180 115179 7ff6eb6e1a61 115323 7ff6eb6e2910 54 API calls _log10_special 115179->115323 115182 7ff6eb6e1c80 49 API calls 115180->115182 115183 7ff6eb6e1add 115182->115183 115184 7ff6eb6f0744 73 API calls 115183->115184 115185 7ff6eb6e1b01 115184->115185 115186 7ff6eb6e1b35 115185->115186 115187 7ff6eb6e1b16 115185->115187 115188 7ff6eb6f040c _fread_nolock 53 API calls 115186->115188 115324 7ff6eb6f4f78 11 API calls _get_daylight 115187->115324 115190 7ff6eb6e1b4a 115188->115190 115192 7ff6eb6e1b6f 115190->115192 115193 7ff6eb6e1b50 115190->115193 115191 7ff6eb6e1b1b 115325 7ff6eb6e2910 54 API calls _log10_special 115191->115325 115328 7ff6eb6f0180 37 API calls 2 library calls 115192->115328 115326 7ff6eb6f4f78 11 API calls _get_daylight 115193->115326 115197 7ff6eb6e1b55 115327 7ff6eb6e2910 54 API calls _log10_special 115197->115327 115198 7ff6eb6e1b89 115198->115201 115329 7ff6eb6e2710 54 API calls _log10_special 115198->115329 115201->115161 115203 7ff6eb6e8a2a 115202->115203 115204 7ff6eb6e9400 2 API calls 115203->115204 115205 7ff6eb6e8a49 GetEnvironmentVariableW 115204->115205 115206 7ff6eb6e8ab2 115205->115206 115207 7ff6eb6e8a66 ExpandEnvironmentStringsW 115205->115207 115209 7ff6eb6ec5c0 _log10_special 8 API calls 115206->115209 115207->115206 115208 7ff6eb6e8a88 115207->115208 115359 7ff6eb6e94b0 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 115208->115359 115211 7ff6eb6e8ac4 115209->115211 115211->114997 115212 7ff6eb6e8a9a 115213 7ff6eb6ec5c0 _log10_special 8 API calls 115212->115213 115214 7ff6eb6e8aaa 115213->115214 115214->114997 115216 7ff6eb6e9422 MultiByteToWideChar 115215->115216 115217 7ff6eb6e9446 115215->115217 115216->115217 115219 7ff6eb6e945c __std_exception_destroy 115216->115219 115218 7ff6eb6e9463 MultiByteToWideChar 115217->115218 115217->115219 115218->115219 115219->115059 115360 7ff6eb6e6350 115220->115360 115223 7ff6eb6e3399 115229 
7ff6eb6e3670 115223->115229 115225 7ff6eb6e3381 115225->115223 115428 7ff6eb6e6040 115225->115428 115227 7ff6eb6e338d 115227->115223 115437 7ff6eb6e61d0 54 API calls 115227->115437 115230 7ff6eb6e367e 115229->115230 115231 7ff6eb6e368f 115230->115231 115576 7ff6eb6e9050 FreeLibrary 115230->115576 115296 7ff6eb6e6fb0 FreeLibrary 115231->115296 115234 7ff6eb6e1ca5 115233->115234 115577 7ff6eb6f49f4 115234->115577 115237->115006 115239 7ff6eb6e45bc 115238->115239 115240 7ff6eb6e9400 2 API calls 115239->115240 115241 7ff6eb6e45e4 115240->115241 115242 7ff6eb6e9400 2 API calls 115241->115242 115243 7ff6eb6e45f7 115242->115243 115604 7ff6eb6f6004 115243->115604 115246 7ff6eb6ec5c0 _log10_special 8 API calls 115247 7ff6eb6e392b 115246->115247 115247->114995 115248 7ff6eb6e7f80 115247->115248 115249 7ff6eb6e7fa4 115248->115249 115250 7ff6eb6f0744 73 API calls 115249->115250 115253 7ff6eb6e807b __std_exception_destroy 115249->115253 115251 7ff6eb6e7fc0 115250->115251 115251->115253 115775 7ff6eb6f7938 115251->115775 115253->114999 115254 7ff6eb6f0744 73 API calls 115256 7ff6eb6e7fd5 115254->115256 115255 7ff6eb6f040c _fread_nolock 53 API calls 115255->115256 115256->115253 115256->115254 115256->115255 115258 7ff6eb6f00ec 115257->115258 115791 7ff6eb6efe98 115258->115791 115260 7ff6eb6f0105 115260->114995 115261->115063 115262->115063 115263->115009 115264->115012 115265->115017 115266->115020 115267->115037 115268->115063 115269->115038 115270->115063 115272 7ff6eb6ec5c9 115271->115272 115273 7ff6eb6e3ca7 115272->115273 115274 7ff6eb6ec950 IsProcessorFeaturePresent 115272->115274 115273->115116 115275 7ff6eb6ec968 115274->115275 115803 7ff6eb6ecb48 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 115275->115803 115277 7ff6eb6ec97b 115804 7ff6eb6ec910 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 115277->115804 115280->115051 115281->115063 115282->115036 115284 7ff6eb6e1c80 49 API calls 115283->115284 115285 7ff6eb6e4650 
115284->115285 115285->115057 115285->115285 115286->115090 115287->115094 115288->115097 115289->115102 115290->115110 115291->115101 115292->115065 115293->115065 115294->115071 115296->115089 115297->115129 115298->115129 115300 7ff6eb6e36bc GetModuleFileNameW 115299->115300 115300->115133 115300->115134 115302 7ff6eb6e9342 115301->115302 115303 7ff6eb6e932f FindClose 115301->115303 115304 7ff6eb6ec5c0 _log10_special 8 API calls 115302->115304 115303->115302 115305 7ff6eb6e371a 115304->115305 115305->115139 115305->115140 115306->115137 115307->115146 115308->115151 115309->115144 115310->115137 115312 7ff6eb6f0774 115311->115312 115330 7ff6eb6f04d4 115312->115330 115314 7ff6eb6f078d 115314->115162 115343 7ff6eb6f042c 115315->115343 115318->115167 115319->115201 115320->115173 115321->115201 115322->115179 115323->115201 115324->115191 115325->115201 115326->115197 115327->115201 115328->115198 115329->115201 115331 7ff6eb6f053e 115330->115331 115332 7ff6eb6f04fe 115330->115332 115331->115332 115334 7ff6eb6f054a 115331->115334 115342 7ff6eb6fa884 37 API calls 2 library calls 115332->115342 115341 7ff6eb6f54dc EnterCriticalSection 115334->115341 115335 7ff6eb6f0525 115335->115314 115337 7ff6eb6f054f 115338 7ff6eb6f0658 71 API calls 115337->115338 115339 7ff6eb6f0561 115338->115339 115340 7ff6eb6f54e8 _fread_nolock LeaveCriticalSection 115339->115340 115340->115335 115342->115335 115344 7ff6eb6e1a20 115343->115344 115345 7ff6eb6f0456 115343->115345 115344->115170 115344->115171 115345->115344 115346 7ff6eb6f0465 __scrt_get_show_window_mode 115345->115346 115347 7ff6eb6f04a2 115345->115347 115357 7ff6eb6f4f78 11 API calls _get_daylight 115346->115357 115356 7ff6eb6f54dc EnterCriticalSection 115347->115356 115349 7ff6eb6f04aa 115351 7ff6eb6f01ac _fread_nolock 51 API calls 115349->115351 115353 7ff6eb6f04c1 115351->115353 115352 7ff6eb6f047a 115358 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115352->115358 115355 7ff6eb6f54e8 _fread_nolock 
LeaveCriticalSection 115353->115355 115355->115344 115357->115352 115358->115344 115359->115212 115361 7ff6eb6e6365 115360->115361 115362 7ff6eb6e1c80 49 API calls 115361->115362 115363 7ff6eb6e63a1 115362->115363 115364 7ff6eb6e63aa 115363->115364 115365 7ff6eb6e63cd 115363->115365 115448 7ff6eb6e2710 54 API calls _log10_special 115364->115448 115367 7ff6eb6e4620 49 API calls 115365->115367 115368 7ff6eb6e63e5 115367->115368 115369 7ff6eb6e6403 115368->115369 115449 7ff6eb6e2710 54 API calls _log10_special 115368->115449 115438 7ff6eb6e4550 115369->115438 115372 7ff6eb6ec5c0 _log10_special 8 API calls 115374 7ff6eb6e336e 115372->115374 115374->115223 115391 7ff6eb6e64f0 115374->115391 115375 7ff6eb6e641b 115377 7ff6eb6e4620 49 API calls 115375->115377 115378 7ff6eb6e6434 115377->115378 115379 7ff6eb6e6459 115378->115379 115380 7ff6eb6e6439 115378->115380 115382 7ff6eb6e9070 3 API calls 115379->115382 115450 7ff6eb6e2710 54 API calls _log10_special 115380->115450 115384 7ff6eb6e6466 115382->115384 115383 7ff6eb6e63c3 115383->115372 115385 7ff6eb6e6472 115384->115385 115386 7ff6eb6e64b1 115384->115386 115387 7ff6eb6e9400 2 API calls 115385->115387 115452 7ff6eb6e5820 137 API calls 115386->115452 115389 7ff6eb6e648a GetLastError 115387->115389 115451 7ff6eb6e2c50 51 API calls _log10_special 115389->115451 115453 7ff6eb6e53f0 115391->115453 115393 7ff6eb6e6516 115394 7ff6eb6e652f 115393->115394 115395 7ff6eb6e651e 115393->115395 115460 7ff6eb6e4c80 115394->115460 115478 7ff6eb6e2710 54 API calls _log10_special 115395->115478 115399 7ff6eb6e653b 115479 7ff6eb6e2710 54 API calls _log10_special 115399->115479 115400 7ff6eb6e654c 115402 7ff6eb6e655c 115400->115402 115404 7ff6eb6e656d 115400->115404 115480 7ff6eb6e2710 54 API calls _log10_special 115402->115480 115405 7ff6eb6e659d 115404->115405 115406 7ff6eb6e658c 115404->115406 115408 7ff6eb6e65bd 115405->115408 115409 7ff6eb6e65ac 115405->115409 115481 7ff6eb6e2710 54 API calls _log10_special 115406->115481 115464 
7ff6eb6e4d40 115408->115464 115482 7ff6eb6e2710 54 API calls _log10_special 115409->115482 115413 7ff6eb6e65dd 115416 7ff6eb6e65fd 115413->115416 115417 7ff6eb6e65ec 115413->115417 115414 7ff6eb6e65cc 115483 7ff6eb6e2710 54 API calls _log10_special 115414->115483 115419 7ff6eb6e660f 115416->115419 115421 7ff6eb6e6620 115416->115421 115484 7ff6eb6e2710 54 API calls _log10_special 115417->115484 115485 7ff6eb6e2710 54 API calls _log10_special 115419->115485 115424 7ff6eb6e664a 115421->115424 115486 7ff6eb6f7320 73 API calls 115421->115486 115423 7ff6eb6e6638 115487 7ff6eb6f7320 73 API calls 115423->115487 115427 7ff6eb6e652a 115424->115427 115488 7ff6eb6e2710 54 API calls _log10_special 115424->115488 115427->115225 115429 7ff6eb6e6060 115428->115429 115430 7ff6eb6e6089 115429->115430 115436 7ff6eb6e60a0 __std_exception_destroy 115429->115436 115520 7ff6eb6e2710 54 API calls _log10_special 115430->115520 115432 7ff6eb6e6095 115432->115227 115433 7ff6eb6e61ab 115433->115227 115435 7ff6eb6e2710 54 API calls 115435->115436 115436->115433 115436->115435 115490 7ff6eb6e1470 115436->115490 115437->115223 115439 7ff6eb6e455a 115438->115439 115440 7ff6eb6e9400 2 API calls 115439->115440 115441 7ff6eb6e457f 115440->115441 115442 7ff6eb6ec5c0 _log10_special 8 API calls 115441->115442 115443 7ff6eb6e45a7 115442->115443 115443->115375 115444 7ff6eb6e9070 115443->115444 115445 7ff6eb6e9400 2 API calls 115444->115445 115446 7ff6eb6e9084 LoadLibraryExW 115445->115446 115447 7ff6eb6e90a3 __std_exception_destroy 115446->115447 115447->115375 115448->115383 115449->115369 115450->115383 115451->115383 115452->115383 115454 7ff6eb6e541c 115453->115454 115455 7ff6eb6e5424 115454->115455 115456 7ff6eb6e55c4 115454->115456 115489 7ff6eb6f6b14 48 API calls 115454->115489 115455->115393 115457 7ff6eb6e5787 __std_exception_destroy 115456->115457 115458 7ff6eb6e47c0 47 API calls 115456->115458 115457->115393 115458->115456 115461 7ff6eb6e4cb0 115460->115461 115462 7ff6eb6ec5c0 _log10_special 
8 API calls 115461->115462 115463 7ff6eb6e4d1a 115462->115463 115463->115399 115463->115400 115465 7ff6eb6e4d55 115464->115465 115466 7ff6eb6e1c80 49 API calls 115465->115466 115467 7ff6eb6e4da1 115466->115467 115468 7ff6eb6e4e23 __std_exception_destroy 115467->115468 115469 7ff6eb6e1c80 49 API calls 115467->115469 115471 7ff6eb6ec5c0 _log10_special 8 API calls 115468->115471 115470 7ff6eb6e4de0 115469->115470 115470->115468 115473 7ff6eb6e9400 2 API calls 115470->115473 115472 7ff6eb6e4e6e 115471->115472 115472->115413 115472->115414 115474 7ff6eb6e4df6 115473->115474 115475 7ff6eb6e9400 2 API calls 115474->115475 115476 7ff6eb6e4e0d 115475->115476 115477 7ff6eb6e9400 2 API calls 115476->115477 115477->115468 115478->115427 115479->115427 115480->115427 115481->115427 115482->115427 115483->115427 115484->115427 115485->115427 115486->115423 115487->115424 115488->115427 115489->115454 115491 7ff6eb6e45b0 108 API calls 115490->115491 115492 7ff6eb6e1493 115491->115492 115493 7ff6eb6e149b 115492->115493 115494 7ff6eb6e14bc 115492->115494 115543 7ff6eb6e2710 54 API calls _log10_special 115493->115543 115496 7ff6eb6f0744 73 API calls 115494->115496 115498 7ff6eb6e14d1 115496->115498 115497 7ff6eb6e14ab 115497->115436 115499 7ff6eb6e14d5 115498->115499 115500 7ff6eb6e14f8 115498->115500 115544 7ff6eb6f4f78 11 API calls _get_daylight 115499->115544 115503 7ff6eb6e1532 115500->115503 115504 7ff6eb6e1508 115500->115504 115502 7ff6eb6e14da 115545 7ff6eb6e2910 54 API calls _log10_special 115502->115545 115507 7ff6eb6e154b 115503->115507 115508 7ff6eb6e1538 115503->115508 115546 7ff6eb6f4f78 11 API calls _get_daylight 115504->115546 115514 7ff6eb6f040c _fread_nolock 53 API calls 115507->115514 115515 7ff6eb6e15d6 115507->115515 115519 7ff6eb6e14f3 __std_exception_destroy 115507->115519 115521 7ff6eb6e1210 115508->115521 115509 7ff6eb6e1510 115547 7ff6eb6e2910 54 API calls _log10_special 115509->115547 115512 7ff6eb6f00bc 74 API calls 115513 7ff6eb6e15c4 115512->115513 
115513->115436 115514->115507 115548 7ff6eb6f4f78 11 API calls _get_daylight 115515->115548 115517 7ff6eb6e15db 115549 7ff6eb6e2910 54 API calls _log10_special 115517->115549 115519->115512 115520->115432 115522 7ff6eb6e1268 115521->115522 115523 7ff6eb6e126f 115522->115523 115524 7ff6eb6e1297 115522->115524 115554 7ff6eb6e2710 54 API calls _log10_special 115523->115554 115527 7ff6eb6e12d4 115524->115527 115528 7ff6eb6e12b1 115524->115528 115526 7ff6eb6e1282 115526->115519 115532 7ff6eb6e12e6 115527->115532 115541 7ff6eb6e1309 memcpy_s 115527->115541 115555 7ff6eb6f4f78 11 API calls _get_daylight 115528->115555 115530 7ff6eb6e12b6 115556 7ff6eb6e2910 54 API calls _log10_special 115530->115556 115557 7ff6eb6f4f78 11 API calls _get_daylight 115532->115557 115534 7ff6eb6e12eb 115558 7ff6eb6e2910 54 API calls _log10_special 115534->115558 115535 7ff6eb6f040c _fread_nolock 53 API calls 115535->115541 115537 7ff6eb6e12cf __std_exception_destroy 115537->115519 115538 7ff6eb6e13cf 115559 7ff6eb6e2710 54 API calls _log10_special 115538->115559 115541->115535 115541->115537 115541->115538 115542 7ff6eb6f0180 37 API calls 115541->115542 115550 7ff6eb6f0b4c 115541->115550 115542->115541 115543->115497 115544->115502 115545->115519 115546->115509 115547->115519 115548->115517 115549->115519 115551 7ff6eb6f0b7c 115550->115551 115560 7ff6eb6f089c 115551->115560 115553 7ff6eb6f0b9a 115553->115541 115554->115526 115555->115530 115556->115537 115557->115534 115558->115537 115559->115537 115561 7ff6eb6f08bc 115560->115561 115562 7ff6eb6f08e9 115560->115562 115561->115562 115563 7ff6eb6f08f1 115561->115563 115564 7ff6eb6f08c6 115561->115564 115562->115553 115567 7ff6eb6f07dc 115563->115567 115574 7ff6eb6fa884 37 API calls 2 library calls 115564->115574 115575 7ff6eb6f54dc EnterCriticalSection 115567->115575 115569 7ff6eb6f07f9 115570 7ff6eb6f081c 74 API calls 115569->115570 115571 7ff6eb6f0802 115570->115571 115572 7ff6eb6f54e8 _fread_nolock LeaveCriticalSection 115571->115572 115573 
7ff6eb6f080d 115572->115573 115573->115562 115574->115562 115576->115231 115580 7ff6eb6f4a4e 115577->115580 115578 7ff6eb6f4a73 115595 7ff6eb6fa884 37 API calls 2 library calls 115578->115595 115579 7ff6eb6f4aaf 115596 7ff6eb6f2c80 49 API calls _invalid_parameter_noinfo 115579->115596 115580->115578 115580->115579 115583 7ff6eb6f4a9d 115585 7ff6eb6ec5c0 _log10_special 8 API calls 115583->115585 115584 7ff6eb6f4b8c 115586 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 115584->115586 115588 7ff6eb6e1cc8 115585->115588 115586->115583 115587 7ff6eb6f4b46 115587->115584 115589 7ff6eb6f4bb0 115587->115589 115590 7ff6eb6f4b61 115587->115590 115591 7ff6eb6f4b58 115587->115591 115588->114992 115589->115584 115592 7ff6eb6f4bba 115589->115592 115597 7ff6eb6fa9b8 115590->115597 115591->115584 115591->115590 115594 7ff6eb6fa9b8 __free_lconv_mon 11 API calls 115592->115594 115594->115583 115595->115583 115596->115587 115598 7ff6eb6fa9ec 115597->115598 115599 7ff6eb6fa9bd RtlFreeHeap 115597->115599 115598->115583 115599->115598 115600 7ff6eb6fa9d8 GetLastError 115599->115600 115601 7ff6eb6fa9e5 __free_lconv_mon 115600->115601 115603 7ff6eb6f4f78 11 API calls _get_daylight 115601->115603 115603->115598 115605 7ff6eb6f5f38 115604->115605 115606 7ff6eb6f5f5e 115605->115606 115608 7ff6eb6f5f91 115605->115608 115635 7ff6eb6f4f78 11 API calls _get_daylight 115606->115635 115610 7ff6eb6f5fa4 115608->115610 115611 7ff6eb6f5f97 115608->115611 115609 7ff6eb6f5f63 115636 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115609->115636 115623 7ff6eb6fac98 115610->115623 115637 7ff6eb6f4f78 11 API calls _get_daylight 115611->115637 115615 7ff6eb6e4606 115615->115246 115617 7ff6eb6f5fc5 115630 7ff6eb6fff3c 115617->115630 115618 7ff6eb6f5fb8 115638 7ff6eb6f4f78 11 API calls _get_daylight 115618->115638 115621 7ff6eb6f5fd8 115639 7ff6eb6f54e8 LeaveCriticalSection 115621->115639 115640 7ff6eb700348 EnterCriticalSection 115623->115640 115625 7ff6eb6facaf 115626 7ff6eb6fad0c 19 API calls 
115625->115626 115627 7ff6eb6facba 115626->115627 115628 7ff6eb7003a8 _isindst LeaveCriticalSection 115627->115628 115629 7ff6eb6f5fae 115628->115629 115629->115617 115629->115618 115641 7ff6eb6ffc38 115630->115641 115633 7ff6eb6fff96 115633->115621 115635->115609 115636->115615 115637->115615 115638->115615 115646 7ff6eb6ffc73 __vcrt_InitializeCriticalSectionEx 115641->115646 115643 7ff6eb6fff11 115660 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115643->115660 115645 7ff6eb6ffe43 115645->115633 115653 7ff6eb706dc4 115645->115653 115646->115646 115651 7ff6eb6ffe3a 115646->115651 115656 7ff6eb6f7aac 51 API calls 3 library calls 115646->115656 115648 7ff6eb6ffea5 115648->115651 115657 7ff6eb6f7aac 51 API calls 3 library calls 115648->115657 115650 7ff6eb6ffec4 115650->115651 115658 7ff6eb6f7aac 51 API calls 3 library calls 115650->115658 115651->115645 115659 7ff6eb6f4f78 11 API calls _get_daylight 115651->115659 115661 7ff6eb7063c4 115653->115661 115656->115648 115657->115650 115658->115651 115659->115643 115660->115645 115662 7ff6eb7063db 115661->115662 115663 7ff6eb7063f9 115661->115663 115715 7ff6eb6f4f78 11 API calls _get_daylight 115662->115715 115663->115662 115666 7ff6eb706415 115663->115666 115665 7ff6eb7063e0 115716 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115665->115716 115672 7ff6eb7069d4 115666->115672 115670 7ff6eb7063ec 115670->115633 115718 7ff6eb706708 115672->115718 115675 7ff6eb706a61 115737 7ff6eb6f8590 115675->115737 115676 7ff6eb706a49 115749 7ff6eb6f4f58 11 API calls _get_daylight 115676->115749 115679 7ff6eb706a4e 115750 7ff6eb6f4f78 11 API calls _get_daylight 115679->115750 115707 7ff6eb706440 115707->115670 115717 7ff6eb6f8568 LeaveCriticalSection 115707->115717 115715->115665 115716->115670 115719 7ff6eb706734 115718->115719 115726 7ff6eb70674e 115718->115726 115719->115726 115762 7ff6eb6f4f78 11 API calls _get_daylight 115719->115762 115721 7ff6eb706743 115763 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 
115721->115763 115723 7ff6eb70681d 115735 7ff6eb70687a 115723->115735 115768 7ff6eb6f9be8 37 API calls 2 library calls 115723->115768 115724 7ff6eb7067cc 115724->115723 115766 7ff6eb6f4f78 11 API calls _get_daylight 115724->115766 115726->115724 115764 7ff6eb6f4f78 11 API calls _get_daylight 115726->115764 115728 7ff6eb706876 115728->115735 115769 7ff6eb6fa970 IsProcessorFeaturePresent 115728->115769 115730 7ff6eb706812 115767 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115730->115767 115731 7ff6eb7067c1 115765 7ff6eb6fa950 37 API calls _invalid_parameter_noinfo 115731->115765 115735->115675 115735->115676 115774 7ff6eb700348 EnterCriticalSection 115737->115774 115749->115679 115750->115707 115762->115721 115763->115726 115764->115731 115765->115724 115766->115730 115767->115723 115768->115728 115770 7ff6eb6fa983 115769->115770 115773 7ff6eb6fa684 14 API calls 3 library calls 115770->115773 115772 7ff6eb6fa99e GetCurrentProcess TerminateProcess 115773->115772 115776 7ff6eb6f7968 115775->115776 115779 7ff6eb6f7444 115776->115779 115778 7ff6eb6f7981 115778->115256 115780 7ff6eb6f748e 115779->115780 115781 7ff6eb6f745f 115779->115781 115789 7ff6eb6f54dc EnterCriticalSection 115780->115789 115790 7ff6eb6fa884 37 API calls 2 library calls 115781->115790 115784 7ff6eb6f747f 115784->115778 115785 7ff6eb6f7493 115786 7ff6eb6f74b0 38 API calls 115785->115786 115787 7ff6eb6f749f 115786->115787 115788 7ff6eb6f54e8 _fread_nolock LeaveCriticalSection 115787->115788 115788->115784 115790->115784 115792 7ff6eb6efeb3 115791->115792 115793 7ff6eb6efee1 115791->115793 115802 7ff6eb6fa884 37 API calls 2 library calls 115792->115802 115794 7ff6eb6efed3 115793->115794 115801 7ff6eb6f54dc EnterCriticalSection 115793->115801 115794->115260 115797 7ff6eb6efef8 115798 7ff6eb6eff14 72 API calls 115797->115798 115799 7ff6eb6eff04 115798->115799 115800 7ff6eb6f54e8 _fread_nolock LeaveCriticalSection 115799->115800 115800->115794 115802->115794 115803->115277 115932 7ffe75cc5fe0 115933 

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 7ff6eb6e1000-7ff6eb6e3806 call 7ff6eb6efe88 call 7ff6eb6efe90 call 7ff6eb6ec8c0 call 7ff6eb6f5460 call 7ff6eb6f54f4 call 7ff6eb6e36b0 14 7ff6eb6e3814-7ff6eb6e3836 call 7ff6eb6e1950 0->14 15 7ff6eb6e3808-7ff6eb6e380f 0->15 20 7ff6eb6e391b-7ff6eb6e3931 call 7ff6eb6e45b0 14->20 21 7ff6eb6e383c-7ff6eb6e3856 call 7ff6eb6e1c80 14->21 17 7ff6eb6e3c97-7ff6eb6e3cb2 call 7ff6eb6ec5c0 15->17 28 7ff6eb6e3933-7ff6eb6e3960 call 7ff6eb6e7f80 20->28 29 7ff6eb6e396a-7ff6eb6e397f call 7ff6eb6e2710 20->29 25 7ff6eb6e385b-7ff6eb6e389b call 7ff6eb6e8a20 21->25 34 7ff6eb6e38c1-7ff6eb6e38cc call 7ff6eb6f4fa0 25->34 35 7ff6eb6e389d-7ff6eb6e38a3 25->35 41 7ff6eb6e3962-7ff6eb6e3965 call 7ff6eb6f00bc 28->41 42 7ff6eb6e3984-7ff6eb6e39a6 call 7ff6eb6e1c80 28->42 37 7ff6eb6e3c8f 29->37 49 7ff6eb6e38d2-7ff6eb6e38e1 call 7ff6eb6e8a20 34->49 50 7ff6eb6e39fc-7ff6eb6e3a2a call 7ff6eb6e8b30 call 7ff6eb6e8b90 * 3 34->50 38 7ff6eb6e38a5-7ff6eb6e38ad 35->38 39 7ff6eb6e38af-7ff6eb6e38bd call 7ff6eb6e8b90 35->39 37->17 38->39 39->34 41->29 53 7ff6eb6e39b0-7ff6eb6e39b9 42->53 57 7ff6eb6e39f4-7ff6eb6e39f7 call 7ff6eb6f4fa0 49->57 58 7ff6eb6e38e7-7ff6eb6e38ed 49->58 76 7ff6eb6e3a2f-7ff6eb6e3a3e call 7ff6eb6e8a20 50->76 53->53 56 7ff6eb6e39bb-7ff6eb6e39d8 call 7ff6eb6e1950 53->56 56->25 68 7ff6eb6e39de-7ff6eb6e39ef call 7ff6eb6e2710 56->68 57->50 61 7ff6eb6e38f0-7ff6eb6e38fc 58->61 65 7ff6eb6e3905-7ff6eb6e3908 61->65 66 7ff6eb6e38fe-7ff6eb6e3903 61->66 65->57 69 7ff6eb6e390e-7ff6eb6e3916 call 7ff6eb6f4fa0 65->69 66->61 66->65 68->37 69->76 79 7ff6eb6e3b45-7ff6eb6e3b53 76->79 80 7ff6eb6e3a44-7ff6eb6e3a47 76->80 81 7ff6eb6e3a67 79->81 82 7ff6eb6e3b59-7ff6eb6e3b5d 79->82 80->79 83 7ff6eb6e3a4d-7ff6eb6e3a50 80->83 84 7ff6eb6e3a6b-7ff6eb6e3a90 call 7ff6eb6f4fa0 81->84 82->84 85 7ff6eb6e3b14-7ff6eb6e3b17 
83->85 86 7ff6eb6e3a56-7ff6eb6e3a5a 83->86 94 7ff6eb6e3a92-7ff6eb6e3aa6 call 7ff6eb6e8b30 84->94 95 7ff6eb6e3aab-7ff6eb6e3ac0 84->95 89 7ff6eb6e3b2f-7ff6eb6e3b40 call 7ff6eb6e2710 85->89 90 7ff6eb6e3b19-7ff6eb6e3b1d 85->90 86->85 88 7ff6eb6e3a60 86->88 88->81 98 7ff6eb6e3c7f-7ff6eb6e3c87 89->98 90->89 91 7ff6eb6e3b1f-7ff6eb6e3b2a 90->91 91->84 94->95 99 7ff6eb6e3ac6-7ff6eb6e3aca 95->99 100 7ff6eb6e3be8-7ff6eb6e3bfa call 7ff6eb6e8a20 95->100 98->37 102 7ff6eb6e3ad0-7ff6eb6e3ae8 call 7ff6eb6f52c0 99->102 103 7ff6eb6e3bcd-7ff6eb6e3be2 call 7ff6eb6e1940 99->103 108 7ff6eb6e3c2e 100->108 109 7ff6eb6e3bfc-7ff6eb6e3c02 100->109 113 7ff6eb6e3b62-7ff6eb6e3b7a call 7ff6eb6f52c0 102->113 114 7ff6eb6e3aea-7ff6eb6e3b02 call 7ff6eb6f52c0 102->114 103->99 103->100 115 7ff6eb6e3c31-7ff6eb6e3c40 call 7ff6eb6f4fa0 108->115 111 7ff6eb6e3c04-7ff6eb6e3c1c 109->111 112 7ff6eb6e3c1e-7ff6eb6e3c2c 109->112 111->115 112->115 122 7ff6eb6e3b7c-7ff6eb6e3b80 113->122 123 7ff6eb6e3b87-7ff6eb6e3b9f call 7ff6eb6f52c0 113->123 114->103 124 7ff6eb6e3b08-7ff6eb6e3b0f 114->124 125 7ff6eb6e3d41-7ff6eb6e3d63 call 7ff6eb6e44d0 115->125 126 7ff6eb6e3c46-7ff6eb6e3c4a 115->126 122->123 139 7ff6eb6e3ba1-7ff6eb6e3ba5 123->139 140 7ff6eb6e3bac-7ff6eb6e3bc4 call 7ff6eb6f52c0 123->140 124->103 137 7ff6eb6e3d65-7ff6eb6e3d6f call 7ff6eb6e4620 125->137 138 7ff6eb6e3d71-7ff6eb6e3d82 call 7ff6eb6e1c80 125->138 127 7ff6eb6e3cd4-7ff6eb6e3ce6 call 7ff6eb6e8a20 126->127 128 7ff6eb6e3c50-7ff6eb6e3c5f call 7ff6eb6e90e0 126->128 143 7ff6eb6e3d35-7ff6eb6e3d3c 127->143 144 7ff6eb6e3ce8-7ff6eb6e3ceb 127->144 141 7ff6eb6e3cb3-7ff6eb6e3cbd call 7ff6eb6e8850 128->141 142 7ff6eb6e3c61 128->142 152 7ff6eb6e3d87-7ff6eb6e3d96 137->152 138->152 139->140 140->103 154 7ff6eb6e3bc6 140->154 164 7ff6eb6e3cbf-7ff6eb6e3cc6 141->164 165 7ff6eb6e3cc8-7ff6eb6e3ccf 141->165 149 7ff6eb6e3c68 call 7ff6eb6e2710 142->149 143->149 144->143 150 7ff6eb6e3ced-7ff6eb6e3d10 call 7ff6eb6e1c80 144->150 160 7ff6eb6e3c6d-7ff6eb6e3c77 149->160 166 
7ff6eb6e3d12-7ff6eb6e3d26 call 7ff6eb6e2710 call 7ff6eb6f4fa0 150->166 167 7ff6eb6e3d2b-7ff6eb6e3d33 call 7ff6eb6f4fa0 150->167 157 7ff6eb6e3dc4-7ff6eb6e3dda call 7ff6eb6e9400 152->157 158 7ff6eb6e3d98-7ff6eb6e3d9f 152->158 154->103 170 7ff6eb6e3ddc 157->170 171 7ff6eb6e3de8-7ff6eb6e3e04 SetDllDirectoryW 157->171 158->157 162 7ff6eb6e3da1-7ff6eb6e3da5 158->162 160->98 162->157 168 7ff6eb6e3da7-7ff6eb6e3dbe SetDllDirectoryW LoadLibraryExW 162->168 164->149 165->152 166->160 167->152 168->157 170->171 174 7ff6eb6e3f01-7ff6eb6e3f08 171->174 175 7ff6eb6e3e0a-7ff6eb6e3e19 call 7ff6eb6e8a20 171->175 180 7ff6eb6e3f0e-7ff6eb6e3f15 174->180 181 7ff6eb6e3ffc-7ff6eb6e4004 174->181 189 7ff6eb6e3e32-7ff6eb6e3e3c call 7ff6eb6f4fa0 175->189 190 7ff6eb6e3e1b-7ff6eb6e3e21 175->190 180->181 186 7ff6eb6e3f1b-7ff6eb6e3f25 call 7ff6eb6e33c0 180->186 182 7ff6eb6e4006-7ff6eb6e4023 PostMessageW GetMessageW 181->182 183 7ff6eb6e4029-7ff6eb6e403e call 7ff6eb6e36a0 call 7ff6eb6e3360 call 7ff6eb6e3670 181->183 182->183 209 7ff6eb6e4043-7ff6eb6e405b call 7ff6eb6e6fb0 call 7ff6eb6e6d60 183->209 186->160 196 7ff6eb6e3f2b-7ff6eb6e3f3f call 7ff6eb6e90c0 186->196 201 7ff6eb6e3ef2-7ff6eb6e3efc call 7ff6eb6e8b30 189->201 202 7ff6eb6e3e42-7ff6eb6e3e48 189->202 193 7ff6eb6e3e23-7ff6eb6e3e2b 190->193 194 7ff6eb6e3e2d-7ff6eb6e3e2f 190->194 193->194 194->189 207 7ff6eb6e3f64-7ff6eb6e3fa7 call 7ff6eb6e8b30 call 7ff6eb6e8bd0 call 7ff6eb6e6fb0 call 7ff6eb6e6d60 call 7ff6eb6e8ad0 196->207 208 7ff6eb6e3f41-7ff6eb6e3f5e PostMessageW GetMessageW 196->208 201->174 202->201 206 7ff6eb6e3e4e-7ff6eb6e3e54 202->206 210 7ff6eb6e3e5f-7ff6eb6e3e61 206->210 211 7ff6eb6e3e56-7ff6eb6e3e58 206->211 247 7ff6eb6e3fe9-7ff6eb6e3ff7 call 7ff6eb6e1900 207->247 248 7ff6eb6e3fa9-7ff6eb6e3fb3 call 7ff6eb6e9200 207->248 208->207 210->174 212 7ff6eb6e3e67-7ff6eb6e3e83 call 7ff6eb6e6db0 call 7ff6eb6e7330 210->212 211->212 215 7ff6eb6e3e5a 211->215 227 7ff6eb6e3e85-7ff6eb6e3e8c 212->227 228 7ff6eb6e3e8e-7ff6eb6e3e95 212->228 215->174 
230 7ff6eb6e3edb-7ff6eb6e3ef0 call 7ff6eb6e2a50 call 7ff6eb6e6fb0 call 7ff6eb6e6d60 227->230 231 7ff6eb6e3eaf-7ff6eb6e3eb9 call 7ff6eb6e71a0 228->231 232 7ff6eb6e3e97-7ff6eb6e3ea4 call 7ff6eb6e6df0 228->232 230->174 245 7ff6eb6e3ec4-7ff6eb6e3ed2 call 7ff6eb6e74e0 231->245 246 7ff6eb6e3ebb-7ff6eb6e3ec2 231->246 232->231 244 7ff6eb6e3ea6-7ff6eb6e3ead 232->244 244->230 245->174 256 7ff6eb6e3ed4 245->256 246->230 247->160 248->247 259 7ff6eb6e3fb5-7ff6eb6e3fca 248->259 256->230 260 7ff6eb6e3fe4 call 7ff6eb6e2a50 259->260 261 7ff6eb6e3fcc-7ff6eb6e3fdf call 7ff6eb6e2710 call 7ff6eb6e1900 259->261 260->247 261->160
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                  • API String ID: 2776309574-4232158417
                                                                                                                                                                                                  • Opcode ID: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                  • Instruction ID: 65bdf0939717f0752713721a85a840b514ca4da58ccfa60d6c9b12361e06670d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2232A123A0C68251FB26DB25D9543BD2761AF4C780F844032DA5DC76F6EF2EE654E30A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_sizeO_memcmpR_flagsX_cipherX_md
                                                                                                                                                                                                  • String ID: $..\s\ssl\record\ssl3_record.c$@$CONNE$GET $HEAD $POST $PUT
                                                                                                                                                                                                  • API String ID: 2456506815-352295518

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_put_error
                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                  • API String ID: 1767461275-1115027282

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_free$L_sk_free$L_sk_pop_free$E_free$D_lock_freeE_finishH_freeO_free_ex_dataO_secure_freeX509_
                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 4271332762-1080266419

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                  • API String ID: 1068509327-1507966698

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705CB5
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70561C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6EB6FA94F,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FA979
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6EB6FA94F,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FA99E
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705CA4
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F1A
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F2B
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F3C
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6EB70617C), ref: 00007FF6EB705F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                                  • Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                  • Instruction ID: 6014df573c36a118b3b8160d84f56aaf9fcf8f3341c4914f45f8c803902eb1d7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93D1C223A2824249EF209F21D4903B96761FF4C784F558136EA4DC7EB5EE3FE461874A

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction ID: 9c4aa14a5043806b8f80df848a5e8f0c1c6dd2b1e426d798bf6a000a8dd8db52
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DC1BF37B28A4185EF10CFA5C4A02AC3761E749B98F115226DE2E97BF4DF3AE161D305
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F1A
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F2B
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70561C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6EB705F3C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB705638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB70564C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6EB70617C), ref: 00007FF6EB705F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                  • Opcode ID: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                  • Instruction ID: 16d4e499768db0ae1114fca955ad79f3a46a0d810765dc12a4538906a94caad0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E751A233A1864286EB10DF21D9916B96760FB4C784F454136EA4DC3EB6EF3FE520874A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: D_run_once$R_put_error
                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                                  • API String ID: 511881677-1166085723
                                                                                                                                                                                                  • Opcode ID: 91f04b36b7a9a647378ced640847247f196b0a5a763123f69b68787e144f87b1
                                                                                                                                                                                                  • Instruction ID: d6e0fc82615d5493e469aa7b78bf29dc73a9b422ebaae7f0d612399ba8cdc0dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91f04b36b7a9a647378ced640847247f196b0a5a763123f69b68787e144f87b1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C215E23B2C70786FA41DB19EC603BA6B91AF81F84F494435DA2E861B5DF2CE941D711
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction ID: a995e34b6a284595fcce01f76d9287d014a473d902608b87e22392cc776caea5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF06833A1874186FB608B60B85976A7350EF8C764F440335D96D42AF4DF3DD1599B05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
• Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                  • Opcode ID: f9f7b25920dae3aac1161b1ec18df20630773ad87d50c89e9d98f821025bc521
                                                                                                                                                                                                  • Instruction ID: 730cde8757d0eadd3e29df77644481c0a51fe1d30721d00550c8a5070e4b8a29
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9f7b25920dae3aac1161b1ec18df20630773ad87d50c89e9d98f821025bc521
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFA1D527A29B0786FEA88F95A85023922A5BF45F44F140935C97E467F0FF6CE893C350

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E7F80: _fread_nolock.LIBCMT ref: 00007FF6EB6E802A
                                                                                                                                                                                                  • _fread_nolock.LIBCMT ref: 00007FF6EB6E1A1B
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6EB6E1B6A), ref: 00007FF6EB6E295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2397952137-3497178890
                                                                                                                                                                                                  • Opcode ID: 77f3ed0425ad58c3713d6c45ade55084047c6e6048981ebd7cf00cf8b1b6a4de
                                                                                                                                                                                                  • Instruction ID: dab127ce722ccb2c26020e5d95131d5306677fe2b5b25622ff9f41af61607bb9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77f3ed0425ad58c3713d6c45ade55084047c6e6048981ebd7cf00cf8b1b6a4de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29819273A0C68685EB20DB15D4503BD23A0EF4CB84F544032DA4DC7BB5EE3EE685A74A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                  • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                  • Instruction ID: 5431bbdf705ed9dc749c294878d664b57976564c92c70119bae02f2f3c077bc7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7051F8276047A186DA349F26E4182BAB7A1F79CB61F004121EFDE83BA4EF3DD145DB14

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
• Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                  • API String ID: 2562538362-2512360314
                                                                                                                                                                                                  • Opcode ID: 8a1321320194d3f8be79d776343fc8ab795369ba72742c4461ddce6db339399d
                                                                                                                                                                                                  • Instruction ID: 695d0d2dc50135f35ff2dfcbc8e9dcbca336ddd64f85b20e3027412c42a1708b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a1321320194d3f8be79d776343fc8ab795369ba72742c4461ddce6db339399d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2B16F73A2838286E7648F29D64037937E1EB40F48F184435DA6C4A6A9DF3DE8C5CF42
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
• Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                                  • API String ID: 1692547093-34800109
                                                                                                                                                                                                  • Opcode ID: 83dc37795359d650e557dc592b32f1a2c8f6127fd5ee0c90c97ee6ce0c548c5f
                                                                                                                                                                                                  • Instruction ID: b2723db65eff49cd3e57940d565d793ea60839cc084c01370e53c62c7888962c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83dc37795359d650e557dc592b32f1a2c8f6127fd5ee0c90c97ee6ce0c548c5f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE42BE33B2878286EA788B11D54437A66A0FB51F94F164135DBAE4BBA0CF3DF495C702

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  • Opcode ID: 6f24275c4df98d36c4333352a735289faaa3476dabafdeae8125bde8da0909de
                                                                                                                                                                                                  • Instruction ID: 96de67a548be87a283cdca1c858ce000c344535833dc762cb9e118656a27c08b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f24275c4df98d36c4333352a735289faaa3476dabafdeae8125bde8da0909de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F418063A0864285EB10DF2198107B963A0FF4C784F944432ED1D87BB9DE3EE645A74A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-2813020118
                                                                                                                                                                                                  • Opcode ID: 0b5013f5f870f7cae77ecf98530c21c389e5cec2844a5ea480190327faaa8b33
                                                                                                                                                                                                  • Instruction ID: a37595e9339618c5ffbd16f87bea5985aa402c7ceaaefafccb6dc1aa5cfe9b35
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b5013f5f870f7cae77ecf98530c21c389e5cec2844a5ea480190327faaa8b33
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1510523A0864285EA209F11A8103BE63A1FF8C794F544131ED4DC7BF5EE3EE645E706

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF6EB6E3804), ref: 00007FF6EB6E36E1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E3804), ref: 00007FF6EB6E36EB
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2C9E
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2D63
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2C50: MessageBoxW.USER32 ref: 00007FF6EB6E2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                  • API String ID: 3187769757-2863816727
                                                                                                                                                                                                  • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction ID: 46265f618b0c3957feb2741e9c3188942ef334cd47395bf4fdda2e9a286175b5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3213063B1864291FE219720EC553BA2361BF8C354F804232E55DC66F5FE2EE609D70E

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                  • Instruction ID: f1d69c51edbabb22e75b5d5188142adebccc781bf2976b9ca063be4fb6d56449
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81C1D423A1C68681E7609F1594403BD7B61EB89BC0F794131EA4E837F1CF7EE855970A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                  • API String ID: 2050909247-2434346643
                                                                                                                                                                                                  • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                  • Instruction ID: 6097fb1825a99f31dc9c279716138a7f260c15fcf43e243dca85095c83438427
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA416D33A0868691EA11DB60E8143EE6321FB5C384F804132EA5D876F5EF3EE715D746
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                  • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                  • API String ID: 1958097105-2209325370
                                                                                                                                                                                                  • Opcode ID: a0ad00169d8610e4f6a8572f508db620e7534931c9619d3e0bdf9395d606371b
                                                                                                                                                                                                  • Instruction ID: 7afc55760a49cab70d5e654764f3f263fad11939ffff68c0d436bea890f4ee37
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0ad00169d8610e4f6a8572f508db620e7534931c9619d3e0bdf9395d606371b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C817073A18B8681EB909F25D4443B967A0FB44F98F5A8135DE6D07BA8DF38E446C342
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                  • Opcode ID: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                  • Instruction ID: c3f026819ec81fc508b58ec036974f6f882e1449089c3e1819fc65da0a5c3352
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B314F7361968289EB20DF21E8553F96361FF8C784F540136EA4D8BB69DF3DD2058706
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                  • API String ID: 0-2512360314
                                                                                                                                                                                                  • Opcode ID: fb66d44e37301280235bd46d38aac8bf1c4ed33a725bc277046205dab9185611
                                                                                                                                                                                                  • Instruction ID: 86fad46c431177aba6b8de040e66b7e3052f1c9395224b72c9978c5cd7997f0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb66d44e37301280235bd46d38aac8bf1c4ed33a725bc277046205dab9185611
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22A15B73A1878285EB64CF29D5543B937A0EB44F48F584039CA6E477A9CF7DE486CB02
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                  • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction ID: 995ea29b1851e48c0781738dfc51035fe9a2235ed665eac8de02f970be4343fa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14510873F091128AFB24DF6499917BC37A1AB58398F600136DE1ED3AF5DF3AA4018705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                  • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction ID: 8788d106c49c7f772e7c8b2985b0d60882650d140030c854f5280a0043a22838
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0519C23E086818AFB14DFB1D4503BD27A1FB48B98F244435DE0D97AA8DF39D951D706
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                                  • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                  • API String ID: 4281227279-1080266419
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1231514297-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1231514297-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_put_error
                                                                                                                                                                                                  • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                  • API String ID: 1767461275-2512360314
                                                                                                                                                                                                  • Opcode ID: 26070a851bc5fec5e0ac0af166cc9bccace918524719dc3056e362111579dbb8
                                                                                                                                                                                                  • Instruction ID: cdcc13614d1babe7854150f5d05ca2e7ce9c07b2859faebe1bb66128fe61051f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26070a851bc5fec5e0ac0af166cc9bccace918524719dc3056e362111579dbb8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F919033A2878286EB649F29D5543B933A0FB41F88F480136DA5D476A4DF3DE985CB42
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                  • Instruction ID: 8b6538c38f17ddfc8acd982dabb06415738a4e875d8c161624c02868f5ab74fb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A351E763B0924386EF299E65940077A6391BF4CBA4F344734DE6C837E5CF3EE401A61A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                  • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction ID: ae4368f8e5423bf0fca9b887d80b91db67cce29496d108258a9e20408392643a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD110462608A4181DA108B25A8102696361FB49BF0F640331EE7D8BBF8CF3DD0118705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6F58A9), ref: 00007FF6EB6F59C7
                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6F58A9), ref: 00007FF6EB6F59DD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                  • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction ID: bd29f92115eb1813b16d6b9556add2471e6c3da9e2c4a02ccbc48961f02ee073
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA11913361C65282EA548F11A45123AB760FB88775F600236FAADC1AF8EF2ED524DB05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                  • Instruction ID: b21c00616d2c823b2a9010b44ae4cb3fbbeac86807e913109098522fedb6bb44
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13E08653F1920342FF145FB254953381761AF8C740F554035D91DC67B1EE2E6995931A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF6EB6FAA45,?,?,00000000,00007FF6EB6FAAFA), ref: 00007FF6EB6FAC36
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6FAA45,?,?,00000000,00007FF6EB6FAAFA), ref: 00007FF6EB6FAC40
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction ID: e209b7c539fd28197e0d2408eddeadd5b82987c5fa4a09db3846ec8a2ba20f22
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F21A413F1C64241FE905B61949037D13A29F8C790F2C4275DA1EC77F1CE6EE445A34A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,?,?,-00000031,00007FFE75CC6912), ref: 00007FFE75CC62EC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: M_grow_clean
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 964628749-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrl
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3605655398-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                  • Instruction ID: 254ade00f76902564c8b9d652bd391c0f56c6f61e369a11a8de8480d6366bf81
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B119623A1E64142EA609F11940137DA760BF8DB88F654071EF4DD7AB6DF3ED800AB4A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                  • Instruction ID: 93d32349562a76f003347f1bfcbd17af38ed6abead1085b0d4eaf00935608c04
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B321B37361C64286DB618F58E450379B6A0EB88B54F240235E69DC7AF5EF3ED4109B05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction ID: 0fdc4e2ff3eb77f0360eef7c75af362bb5bb96bd170e19435c4c8aae685d9ff6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A201C823E0874281EE14DF525901269A791BF89FE0F684631DE6C97BF6DE3ED4015309
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494559613.00007FFE75C80000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494587177.00007FFE75CF3000.00000020.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494687366.00007FFE75CF6000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494783041.00007FFE75D19000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D1E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D24000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494815781.00007FFE75D2B000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: R_put_error
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1767461275-0
                                                                                                                                                                                                  • Opcode ID: 2d199d9f4f108162e85cd4e5c396f18b2cf9314a5d4872b565a6e1705a2e1dcc
                                                                                                                                                                                                  • Instruction ID: 9700b4c493e2b0a285882fd9c0ccdda0eb7f4974cdaa17fa104760ae946c2dc3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d199d9f4f108162e85cd4e5c396f18b2cf9314a5d4872b565a6e1705a2e1dcc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D01623362838186D7645F29D50436976A0EB85B88F184135EA6D477F9DA3DD880CF05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494587177.00007FFE75C81000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFE75C80000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75c80000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: O_ctrl
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3605655398-0
                                                                                                                                                                                                  • Opcode ID: fa439f07f6e2fc9af08a18eda61c13a97e49bc09e3200f612c9aa12797af5a79
                                                                                                                                                                                                  • Instruction ID: 5be78b2d49efc4116202434a0e38821ea953ead1528c31d6f92b531c5b565a04
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa439f07f6e2fc9af08a18eda61c13a97e49bc09e3200f612c9aa12797af5a79
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDE0D8F3F1424242F7604B788456F682290DB88B14F680030DE1CC6692E6ADE8D28B05
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6EB6E45E4,00000000,00007FF6EB6E1985), ref: 00007FF6EB6E9439
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00007FF6EB6E6466,?,00007FF6EB6E336E), ref: 00007FF6EB6E9092
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2592636585-0
                                                                                                                                                                                                  • Opcode ID: 7140f7c55cf735ced6a4f02887063d730e60c19ae08c919a697b9dfe54228ee6
                                                                                                                                                                                                  • Instruction ID: be8b93411d60871eaee024889da0f8fb687bd315e21b43ff28dd1a148ddb4130
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7140f7c55cf735ced6a4f02887063d730e60c19ae08c919a697b9dfe54228ee6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11D0C212F2424641EF54AB67BA467395252AFCDBC4F98C035EE1D43B6AEC3EC0514B04
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF6EB6F0D00,?,?,?,00007FF6EB6F236A,?,?,?,?,?,00007FF6EB6F3B59), ref: 00007FF6EB6FD6AA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction ID: 7c883a7c9cc67130374d552adc61a605f9493c9ee90154c25b9d97304917a6a0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8F03412A0920244FE646BA1595137923904F9CBA0F290230EC2ED67F2EE2FB490A21A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                  • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                  • API String ID: 3832162212-3165540532
                                                                                                                                                                                                  • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction ID: dbe696ff4376f6341c846e7cb31777324999363679d5887d256e57e9b00ccf71
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3D17133A08A8286EB108F34E8543AD7764FB88B58F500236DA5D83BB4EF3ED654D745
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3372420414-0
                                                                                                                                                                                                  • Opcode ID: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                                  • Instruction ID: 04d488d981a13f16a15c719c3f5a7cf831c6d547616939e8352e14422700cd56
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69B1C023A28B8286EB208F65D94427D77A1FF5AFA4F449235DA7D477A4EF7DE0418300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcmpmemcpy
                                                                                                                                                                                                  • String ID: %s mode not allowed: %s$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                  • API String ID: 1784268899-1330295256
                                                                                                                                                                                                  • Opcode ID: f5d02b13d15540b67cfce7544ed0eb3576d53136d69c3bcba9e99a5cdb429597
                                                                                                                                                                                                  • Instruction ID: b45fd3c9c52ff9d09a6d40e8ecef5ba2c8f3d3caadb568c0610eb57aca865742
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d02b13d15540b67cfce7544ed0eb3576d53136d69c3bcba9e99a5cdb429597
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB02D173A2C78285FB66CB2498603796B91AF51FA4F044235EABE427E5DF3DE8458700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)$Failed to read ptrmap key=%d$Main freelist: $Page %d is never used$Pointer map page %d is referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%d) disagrees with header (%d)
                                                                                                                                                                                                  • API String ID: 2221118986-2103957143
                                                                                                                                                                                                  • Opcode ID: 748b4a723c77d178c8d9d1c4587dbbffe71a6a6f756b27c6b1ba839e83336ac2
                                                                                                                                                                                                  • Instruction ID: e4dca12cb845a481a136413eb0a54533ecc32c8c18e9d85bcd2395e4ca8e6745
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 748b4a723c77d178c8d9d1c4587dbbffe71a6a6f756b27c6b1ba839e83336ac2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D127C73A287468AEB648F65E4846B977B1FF44B98F140536DA6E47AA4CF3CE841C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$invalid$misuse$unopened
                                                                                                                                                                                                  • API String ID: 3510742995-1131282202
                                                                                                                                                                                                  • Opcode ID: 4ba914c0985d9febd7cebbd0371898ff00981327dd190809dacfba7415343160
                                                                                                                                                                                                  • Instruction ID: 8de024999a739a87e0daf1e89ac2b8dd8e3c0aa898f1b1a5408366432f04238d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ba914c0985d9febd7cebbd0371898ff00981327dd190809dacfba7415343160
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5028B23A28B8385FA649F25945037A67E5FF84F88F580532DA7E476B9DF3DE8458300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                  • API String ID: 2221118986-463513059
                                                                                                                                                                                                  • Opcode ID: 22f653493e6159d7cbdd4a8ee64347e3d9d918a92d464c4fc601176e122c9f60
                                                                                                                                                                                                  • Instruction ID: cd23928b3054d7ccaee4da027e4ba2ef92e43b31b6c89ec22a58ff84091cc516
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22f653493e6159d7cbdd4a8ee64347e3d9d918a92d464c4fc601176e122c9f60
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAD1D353B283CA47DF4C8B3965151786B91A759B80B98813ADABE477F2DF2CF612C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E841B
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E849E
                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84BD
                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84CB
                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84DC
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF6EB6E8B09,00007FF6EB6E3FA5), ref: 00007FF6EB6E84E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                  • API String ID: 1057558799-766152087
                                                                                                                                                                                                  • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                  • Instruction ID: efe4d73ea2d587f4f691179c16584c0f5e66593142a59d703d523894e9335561
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80418323A0C642C5EE219B54E8547BD6360FB9C750F400232D55DC6AB4EF3ED7499716
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU$VUUU
                                                                                                                                                                                                  • API String ID: 0-1449282868
                                                                                                                                                                                                  • Opcode ID: 1691a8e580a87398f80815cc2512789b229b314cb07b6f92269ba341bc2cefa6
                                                                                                                                                                                                  • Instruction ID: b3e8ed6c50f9b8a6119fc1c7a2bc831e8357b1703c9329b547c09b33d8664148
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1691a8e580a87398f80815cc2512789b229b314cb07b6f92269ba341bc2cefa6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E02F123A287C686EB618B28D0547BA7BA5EF85B88F184035DAAD477B5DF2CE541C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction ID: e3e305e2fb8781eedd337a9be3a449faef94a6a6220ea94c158b30ebabe64d4a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F315073608B818AEB608F60E8903EE7360FB88744F04403ADB4D97BA4EF79D659C715
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %sSCALAR SUBQUERY %d$CORRELATED $Expression tree is too large (maximum depth %d)$REUSE SUBQUERY %d
                                                                                                                                                                                                  • API String ID: 0-875495356
                                                                                                                                                                                                  • Opcode ID: 4292068f5f8050a9758627c9ad91bf375f87b898590cbfef5002ce2ad6e3136a
                                                                                                                                                                                                  • Instruction ID: 14daca96687dab718997eb279e3d256c3252e24bf4f2e5eb5f573517ccca6640
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4292068f5f8050a9758627c9ad91bf375f87b898590cbfef5002ce2ad6e3136a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0F1BF73A287828AE760CF25E95066A77A0FF85B84F448235DB6D47BA1DF38E491C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID: database schema is locked: %s$out of memory$statement too long
                                                                                                                                                                                                  • API String ID: 438689982-1046679716
                                                                                                                                                                                                  • Opcode ID: cdcd25ed7ee3bdb821f2e4dcd676d018840a69b00932107d1fe8f4d3910ffe29
                                                                                                                                                                                                  • Instruction ID: ed7aa53f3c6a1b8deecb5b977c7030e35481dda2abbdddb94a71e3e7e269c981
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdcd25ed7ee3bdb821f2e4dcd676d018840a69b00932107d1fe8f4d3910ffe29
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF16023A2878286EB65CF25A4503BA6791FF55F88F184136DA6D077ADDF7CE482C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 0-3555682073
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 438689982-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove$memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3790616698-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5830
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5842
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5879
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E588B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58A4
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58B6
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58CF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58E1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E58FD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E590F
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E592B
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E593D
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5959
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E596B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5987
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E5999
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E59B5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF6EB6E64BF,?,00007FF6EB6E336E), ref: 00007FF6EB6E59C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                  • API String ID: 199729137-653951865
                                                                                                                                                                                                  • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction ID: 0ee4d0ba61533fe5376e195a6e766eb6b070652b561e4b1ca2d00b46566a604b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F022846690DB0791FE159B65ACA437823A4BF0C745F445036C81E82BB0FF3FB669930A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                  • API String ID: 199729137-3427451314
                                                                                                                                                                                                  • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction ID: 9ec8ebcf2ffedcff3a68da43fcb0268368e2adae4ee533450d1abb470a878fa7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4502C56290DB07D0EE159B54ACA07B92761BF0C754F801032D92E86B74FF3FB668931A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75DCD000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strcmp
                                                                                                                                                                                                  • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                                                                                                  • API String ID: 1004003707-1119032718
                                                                                                                                                                                                  • Opcode ID: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                                  • Instruction ID: 7621097fa613388afb5cfff90299522c135456937e5ad84e16590a385dc6dfcc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8919D13E3C7C790FE595B259E102B82691DF5AFA4FA85135DD3E826E9EF2CE4418340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strspn$strncmp
                                                                                                                                                                                                  • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                                  • API String ID: 1384302209-3505811795
                                                                                                                                                                                                  • Opcode ID: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                                  • Instruction ID: 2cbf7195d48caae7bdfe90e754059d38a2fb065843810be581d03b4e8f161018
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2591BD72B2C79B82FB258B21A90417A3791EB08F84F544035DA6D476A5EF3CF94AC740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FFE75A39D30: memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000000,00007FFE75AA120A,?,?,?,?,?,00007FFE75A39AD2), ref: 00007FFE75A39EE7
                                                                                                                                                                                                    • Part of subcall function 00007FFE75A39820: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A3998A
                                                                                                                                                                                                    • Part of subcall function 00007FFE75A39820: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A39A16
                                                                                                                                                                                                  • memcpy.VCRUNTIME140 ref: 00007FFE75A9B8F2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: FILTER clause may only be used with aggregate window functions$L$RANGE with offset PRECEDING/FOLLOWING requires one ORDER BY expression$U$U$Y$Z$Z$cume_dist$dense_rank$lag$lead$ntile$percent_rank$rank$row_number
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6EB6E45E4,00000000,00007FF6EB6E1985), ref: 00007FF6EB6E9439
                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6EB6E88A7,?,?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E821C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2810: MessageBoxW.USER32 ref: 00007FF6EB6E28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                  • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Cannot add a UNIQUE column, xrefs: 00007FFE75A43133
                                                                                                                                                                                                  • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFE75A4318D, 00007FFE75A43209, 00007FFE75A43313
                                                                                                                                                                                                  • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFE75A431A5
                                                                                                                                                                                                  • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFE75A433AC
                                                                                                                                                                                                  • Cannot add a column with non-constant default, xrefs: 00007FFE75A431FF
                                                                                                                                                                                                  • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*', xrefs: 00007FFE75A434E1
                                                                                                                                                                                                  • Cannot add a PRIMARY KEY column, xrefs: 00007FFE75A43118
                                                                                                                                                                                                  • cannot add a STORED column, xrefs: 00007FFE75A43304
                                                                                                                                                                                                  • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFE75A43183
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*'$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                  • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: new[]
                                                                                                                                                                                                  • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  • Opcode ID: b4d318163dd8b5c14e13325edca22eecf3873da7d4a65f8e4b7f3c93850b0406
                                                                                                                                                                                                  • Instruction ID: b6ebae07b5e28e94a57273f009f0194a4acb997e518f360d8f3ad9cb5ae00f02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4d318163dd8b5c14e13325edca22eecf3873da7d4a65f8e4b7f3c93850b0406
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43418123B1865281EA10DB12AC107BD67A5FF4CBC4F544432ED0C87BB5DE3EE245A74A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E88F4
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E88FA
                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00007FF6EB6E3CBB), ref: 00007FF6EB6E893C
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8A20: GetEnvironmentVariableW.KERNEL32(00007FF6EB6E388E), ref: 00007FF6EB6E8A57
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6EB6E8A79
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6F82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB6F82C1
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E2810: MessageBoxW.USER32 ref: 00007FF6EB6E28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                  • API String ID: 3563477958-1339014028
                                                                                                                                                                                                  • Opcode ID: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                  • Instruction ID: 4b198afc1ceaf27a212a5ee6ced393448c775d6b9753c89eb5f82b01baa6273b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD418213A1964384EA21AB25AC553BE1391AF8D780F504131ED0DD7BF6EE3EE605E30A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                                  • API String ID: 2221118986-554953066
                                                                                                                                                                                                  • Opcode ID: e49dea43c45aaa90a6615c274e303f42072f538a78cdb0473b6c7037b28f0a2d
                                                                                                                                                                                                  • Instruction ID: d473ce0343a419a4cac67f07c0969e234b7ed2c171a1311573701103517c8fb2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e49dea43c45aaa90a6615c274e303f42072f538a78cdb0473b6c7037b28f0a2d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6032BC33A28B8286EB64CF2594816B937A4FF89F88F504536DE6D477A9DF38E451C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                  • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                  • Instruction ID: d84005baf34f020d1704ec0c713e61e468409c116d245106e4f9ebada2de3382
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33D19273A0874186EB60DF65E8403AD37A0FB49788F100135EE4D97BA9DF39E241D706
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                                  • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                  • API String ID: 81049052-1471988776
                                                                                                                                                                                                  • Opcode ID: e8af56743d8ccab5a2209cc3affebf65b512c1f09875f7a027cf55f69544c385
                                                                                                                                                                                                  • Instruction ID: 6d95df6d7a7464143d44210bab1caec09163148003c9e4b12446fe5a16a30970
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8af56743d8ccab5a2209cc3affebf65b512c1f09875f7a027cf55f69544c385
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2A15633A2DB8681EA24DF26E85066A73A0EB44F88F444431DBAE477B5EF7DE545C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s %T already exists$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                                                                                                                                  • API String ID: 3510742995-2846519077
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6EB6FF11A,?,?,-00000018,00007FF6EB6FADC3,?,?,?,00007FF6EB6FACBA,?,?,?,00007FF6EB6F5FAE), ref: 00007FF6EB6FEEFC
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6EB6FF11A,?,?,-00000018,00007FF6EB6FADC3,?,?,?,00007FF6EB6FACBA,?,?,?,00007FF6EB6F5FAE), ref: 00007FF6EB6FEF08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2C9E
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6EB6E3706,?,00007FF6EB6E3804), ref: 00007FF6EB6E2D63
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6EB6E2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 3940978338-251083826
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID: "%w" $%Q%s
                                                                                                                                                                                                  • API String ID: 438689982-1987291987
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$misuse
                                                                                                                                                                                                  • API String ID: 0-2033871898
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
                                                                                                                                                                                                  • API String ID: 3510742995-879093740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                                  • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                                  • API String ID: 3017659097-909561481
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDBD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDCB
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDDF5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDE63
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6EB6EDFEA,?,?,?,00007FF6EB6EDCDC,?,?,?,00007FF6EB6ED8D9), ref: 00007FF6EB6EDE6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6EB6E351A,?,00000000,00007FF6EB6E3F23), ref: 00007FF6EB6E2AA0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-2900015858
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00007FFE75A5156E
                                                                                                                                                                                                  • unknown column "%s" in foreign key definition, xrefs: 00007FFE75A5185C
                                                                                                                                                                                                  • foreign key on %s should reference only one column of table %T, xrefs: 00007FFE75A51545
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                  • API String ID: 438689982-272990098
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpymemset
                                                                                                                                                                                                  • String ID: %.*z:%u$column%d$out of memory$rowid
                                                                                                                                                                                                  • API String ID: 1297977491-4032372628
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$misuse
                                                                                                                                                                                                  • API String ID: 3510742995-4167639724
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 0-3555682073
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                  • API String ID: 438689982-2063813899
                                                                                                                                                                                                  • Opcode ID: 56536c5abb995d6ac894b6ad3fc8e81e159f5422ab31b719b97aa9b16485d6c1
                                                                                                                                                                                                  • Instruction ID: 25e780b5cdd5ce7bc56f0b007e0c989289406318ab125096ccd43b2ce9717a78
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56536c5abb995d6ac894b6ad3fc8e81e159f5422ab31b719b97aa9b16485d6c1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6491AC63E18B8986EB50CF55A0102BA77A5FF49F84F458236DEAD077A5EF38E081C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E8592
                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E85E9
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6EB6E45E4,00000000,00007FF6EB6E1985), ref: 00007FF6EB6E9439
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E8678
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E86E4
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E86F5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6EB6E9216), ref: 00007FF6EB6E870A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3462794448-0
                                                                                                                                                                                                  • Opcode ID: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                  • Instruction ID: 0baf5a041a8ea6878e4fa38454d715ccc8b22efc1c79cbd79405a2cb9aa7d94a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE41A223B1968241EA319F11A9447AE6394FB8CBC4F040131DE4CA7BA9EE3DE605D70A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                  • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                                  • API String ID: 1114863663-369496153
                                                                                                                                                                                                  • Opcode ID: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                                  • Instruction ID: e64a300c771f13970641bee25b8a51a01e6d18becd0195f9f8c5674bcd86d004
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7419A63B2C7DA41FB589B26AA0037A2691EB55FD8F084436DD6D47AE9EF3CE4008741
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                  • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                                  • API String ID: 1114863663-369496153
                                                                                                                                                                                                  • Opcode ID: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                                  • Instruction ID: 899153b253a7ec642cf8a2e1291e7d6f6c3b3ff431434204af1f7ba1481a8747
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC41EF23B2C7CA81EB589B26A90077A6690FB55F94F085136DE6E47BE9DF3CE4048740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetCurrentProcess.KERNEL32 ref: 00007FF6EB6E8780
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: OpenProcessToken.ADVAPI32 ref: 00007FF6EB6E8793
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetTokenInformation.ADVAPI32 ref: 00007FF6EB6E87B8
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetLastError.KERNEL32 ref: 00007FF6EB6E87C2
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: GetTokenInformation.ADVAPI32 ref: 00007FF6EB6E8802
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6EB6E881E
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6E8760: CloseHandle.KERNEL32 ref: 00007FF6EB6E8836
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF6EB6E3C55), ref: 00007FF6EB6E916C
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF6EB6E3C55), ref: 00007FF6EB6E9175
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                  • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                  • Instruction ID: 6c305aad829b145cd751171a340da23c38f0d3b8c4b948560f15a9f987788d99
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37214F32A1874281EB10AB10E9153EE6361EF8C780F444036EA4D93BB6DF3EEA559746
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB347
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB37D
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3AA
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3BB
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3CC
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6EB6F4F81,?,?,?,?,00007FF6EB6FA4FA,?,?,?,?,00007FF6EB6F71FF), ref: 00007FF6EB6FB3E7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  • Opcode ID: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                  • Instruction ID: 8a6520d2a9f2337960131a0d3b5b3285efd264ffcd86a13a25e164692e83b5be
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95118123A4D64282FA545B21666537D53525F4C7F0F284334E97EC67F6DE2EE401A30B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6EB6E1B6A), ref: 00007FF6EB6E295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 2050909247-2962405886
                                                                                                                                                                                                  • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                  • Instruction ID: 559595693af41e9faf0fec96aee0dcedb1f02da12d93645eaf732bfdde120b62
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB31F323B1868152EB209B61AC507EA6795BF8C7D4F000132EE8CC3B65EF3DD6469305
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6EB6E918F,?,00007FF6EB6E3C55), ref: 00007FF6EB6E2BA0
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6EB6E2C2A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentMessageProcess
                                                                                                                                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 1672936522-3797743490
                                                                                                                                                                                                  • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                  • Instruction ID: 36c0942cce36cfba24c8a8fa134c1d8ec16ab7608f93ecd3109792fececf5f02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD21DE23708B4182EB209B14F8407AA67A4FB8C7C4F400136EA8D97B79EF3DE615C705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6EB6E1B99), ref: 00007FF6EB6E2760
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-1591803126
                                                                                                                                                                                                  • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                  • Instruction ID: 77b87ed1b0d20e880baf8943812204ec162427207ed722d059a5af487d0c9c43
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68219F73A1878192EA20DB50B8817EA67A4FB8C784F400132FA8C83B69DF3DD6599705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                  • Instruction ID: 1f881bb78b1b7a15414a404584a443bb1a51c93a4742df6ed4f432986b5122d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF0C232B0870681EF108B24E4A433A5320EF4D7A1F540236C66E86AF4DF2FE158D709
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                                                                                  • API String ID: 3510742995-1943068450
                                                                                                                                                                                                  • Opcode ID: 9c4d68b4f94af32f734b3b6e7d9df889bf64b791a499c1d06553a4b3ec08eb08
                                                                                                                                                                                                  • Instruction ID: 329867517111047ceacccda83bfac83c8347a7e4cddb04c486c5bdc50988e88b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c4d68b4f94af32f734b3b6e7d9df889bf64b791a499c1d06553a4b3ec08eb08
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69128A37A287828AEB50CB66D0416AD7BB5FF85B98F004436EE5D57BA5DF38E440CB40
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  • Opcode ID: 34ea4677d56625c806882e8d22be7c855017d43ae16beb1a5a710e029f07a9e9
                                                                                                                                                                                                  • Instruction ID: 609ace7f5d77869b2d1765a2b21414f2c4419deb195420125c2d0fe8deb20909
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34ea4677d56625c806882e8d22be7c855017d43ae16beb1a5a710e029f07a9e9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F18063A287928AEB64CB259444ABD37B2FF44F88F144835EE6D476A5DF3DE841C301
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
                                                                                                                                                                                                  • API String ID: 3510742995-1299490920
                                                                                                                                                                                                  • Opcode ID: 5c33888db39d5f54c260b27c5133274557b3a1198747239411aa99b34e4e1f8b
                                                                                                                                                                                                  • Instruction ID: b4d1a978b5be9ddf314958cef2696a8c8e13b9aa6d3609ddfb648f712f44b1ae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c33888db39d5f54c260b27c5133274557b3a1198747239411aa99b34e4e1f8b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5F1AD63A28B8282EB528B15A440279B7A5FF45F94F484232DEBE477B5DF3DE591C300
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  • Opcode ID: b7c7ac0b3cb2afae1767e4f978a22fe9b7af282f36e22eeb9236224844bf103e
                                                                                                                                                                                                  • Instruction ID: 99fe7ccbae763749337c9141db77a5661d6090b05bef13df81021eef89a457b2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7c7ac0b3cb2afae1767e4f978a22fe9b7af282f36e22eeb9236224844bf103e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEE17C73618B818AE7A09B15D044BAA77B2FB45F84F144436EF9E477A5DF39E844C700
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 2221118986-3555682073
                                                                                                                                                                                                  • Opcode ID: 00326e205c24c4ae0db47ea0668257d943ca854a6124187d41870b340c2d8fea
                                                                                                                                                                                                  • Instruction ID: aed0fd3855160107c1dc934ed4f8e7b09f5daf1d25776c759654bf19acc2dceb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00326e205c24c4ae0db47ea0668257d943ca854a6124187d41870b340c2d8fea
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0D19C33A2878586DB64CF2AE0446A977A4FF88F84F154436DE9D477A4EF38D441CB00
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: $, $CREATE TABLE $out of memory
                                                                                                                                                                                                  • API String ID: 3510742995-2564229752
                                                                                                                                                                                                  • Opcode ID: ed5deb6d5210755fe7fce07642dfb65231f7d37d7d78de807a17ee50d03ce265
                                                                                                                                                                                                  • Instruction ID: d1f90824514cd228c6b23e6e2b33fa298c4d62ff2caeab0c324179f52f7708ac
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed5deb6d5210755fe7fce07642dfb65231f7d37d7d78de807a17ee50d03ce265
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA81E463A2878186EB118F68A4402B9B7A1FF94FA8F484639DE6D477E1DF3DD446C300
                                                                                                                                                                                                   Memory Dump Source
                                                                                                                                                                                                   • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  • Opcode ID: 202e20996cdd153d455dabf2fe7f47061cd7b2d760f50778d478babe6e88c05c
                                                                                                                                                                                                  • Instruction ID: 5008257bc239e4f55b65ab824120f20a2b3811d69074583e31d85226d0afe296
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 202e20996cdd153d455dabf2fe7f47061cd7b2d760f50778d478babe6e88c05c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C681CD73A18B9286EB50CB25D454BA977A1FB48F84F008436EBAD437A1EF39E445C701
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00000000,00007FFE75A86878), ref: 00007FFE75A86737
                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,00000000,00007FFE75A86878), ref: 00007FFE75A86751
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,00007FFE75A86878), ref: 00007FFE75A867E8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp$memcpy
                                                                                                                                                                                                  • String ID: CRE$INS
                                                                                                                                                                                                  • API String ID: 2549481713-4116259516
                                                                                                                                                                                                  • Opcode ID: cfabcf40e4e4a0c0911a8f0ee7b06bb78144152439e4c91310bc28ae8477b572
                                                                                                                                                                                                  • Instruction ID: cc38f2f6964c3b13e6b307a9b07edd2490a053891d29580228fe442536d43084
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfabcf40e4e4a0c0911a8f0ee7b06bb78144152439e4c91310bc28ae8477b572
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85519B22B29B8281FA669F12A4502796791BFA0FD0F584635DE7D4B7B5DF3CF8428340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 3510742995-3555682073
                                                                                                                                                                                                  • Opcode ID: 359d271134ef35200fc35049a71bb4995a7c723c7d8a253023562a296778ba67
                                                                                                                                                                                                  • Instruction ID: 6f21c160911691bd0ae2f0f7bb6644e1befe500b2f9e540b746a4d8f70dfed17
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 359d271134ef35200fc35049a71bb4995a7c723c7d8a253023562a296778ba67
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35510F73618BD085DB10CB19E4409AEBBA1FB58B84F14853AEA9E43B65DB3CC095CB10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                  • API String ID: 438689982-1843600136
                                                                                                                                                                                                  • Opcode ID: 252a00c4f0c4d00450334099dad87dfd63f4a9ad9cfd01e6633a8cccdcdbb77a
                                                                                                                                                                                                  • Instruction ID: 40f441f80ae32024591e71b2516441a1705bf8a12ab69334d93d5d0298edd2e0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 252a00c4f0c4d00450334099dad87dfd63f4a9ad9cfd01e6633a8cccdcdbb77a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A841FD23A2CB0282E6609F25E8805BD7365FB84F84F548536EA7D436B9DF3CE4468340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction ID: eeef7d6691ee3f30502df96db1c66932442b4fb160b368151ae418d15a4e07d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4116D73E5CA1201FE54112CD45637624546F5D374E040636FAAE86AF6AE2FAD61430F
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB41F
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB43E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB466
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB477
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6EB6FA613,?,?,00000000,00007FF6EB6FA8AE,?,?,?,?,?,00007FF6EB6FA83A), ref: 00007FF6EB6FB488
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                  • Instruction ID: 78d88810d5d1380cdd439fa9a256815443de910b71fa3d554db0cda106c997b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C116023E0960241FA589F21666137953565F4C7B0F2C8334E97DC6AFADE2EE401A70A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
• Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
Similarity
• API ID: _localtime64_s
• String ID: $-$ilable
• API String ID: 4067328638-1697327243
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
• Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                                  • API String ID: 0-2182492907
                                                                                                                                                                                                  • Opcode ID: ff41bc65039b47ab996ee5ec64ff4c066eecd28c4df33d5096f09e5c19e0fd6c
                                                                                                                                                                                                  • Instruction ID: 980ffe92b83209102a4820abab6674ac2695db4deb014645354b0c407aea5dd3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff41bc65039b47ab996ee5ec64ff4c066eecd28c4df33d5096f09e5c19e0fd6c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4516B33A2D78686FB249B21D8006AA7761EF84F88F414435DB7D07BA6EF7DE5498700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF6EB6E352C,?,00000000,00007FF6EB6E3F23), ref: 00007FF6EB6E7F22
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                  • Opcode ID: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                  • Instruction ID: 319b2bb2b50d411cea74c1a3c28c31a6812fe793d759ddc26c0fbf84273cd098
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B631D833619AC145EA218721A8507BE6354EF8CBE4F041231EE6D8BBE9EE2DD7059705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 2030045667-255084403
                                                                                                                                                                                                  • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                  • Instruction ID: c9d2a9afffd21f7cf7315f7f1a6fd403f38dd9b051ce6695b913c29d651cf5b3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B21BF63B08B4182EB209B14B8407AA67A4FB8C780F400132EA8D97B79EF3DD659D705
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                                  • API String ID: 2221118986-485510600
                                                                                                                                                                                                  • Opcode ID: 0221cd94063522fa528d14979ca395964b61fcf73b6bdf77cf2338d9ebfc62de
                                                                                                                                                                                                  • Instruction ID: 3bdf213297d09cc60f24b5834eb30469f4dcb8cb3df53446494d73c241b25bc3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0221cd94063522fa528d14979ca395964b61fcf73b6bdf77cf2338d9ebfc62de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80028C73A2DBC381EB24DB16E4046AA6760FB85F84F504535EAAD07BA5DF3DE905CB00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 438689982-0
                                                                                                                                                                                                  • Opcode ID: 3aa1833d59d011e02b0074d9cb4a755dba8b743ff5f5d8bcc926a2e6b2d641f2
                                                                                                                                                                                                  • Instruction ID: 86819faf75df845c0898e81b35bab69c8fbba3d62d95a743ee435e59a3da76cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aa1833d59d011e02b0074d9cb4a755dba8b743ff5f5d8bcc926a2e6b2d641f2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2218263A28B5287DA649F1AF5511BAB3A1FF44BC0B045135EB9E47F66DF2CE051C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                  • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                  • Instruction ID: 35c7916862f4e25fe6c84fef41ed173e9e443530c12e2a7c0bba6a3eb730f199
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8D13673B18A818AEB10CF78D4402AC3771FB48798F108236DE5D97BA9DE3AE016D345
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                                  • API String ID: 2221118986-2815843928
                                                                                                                                                                                                  • Opcode ID: aa45c74296746f0637ad9dfea9f04bb0fb6807a46db2e42f0aed5e47fddf065e
                                                                                                                                                                                                  • Instruction ID: 5dcb881e3f9aa16d8b3a56f87c772dcc2091c949cde7c8257cc3077f158b0e60
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa45c74296746f0637ad9dfea9f04bb0fb6807a46db2e42f0aed5e47fddf065e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04C12627A29B4282FBA49F61A45067933A0FF85F54F184635DABE466B4DF3CE847C340
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 0-3555682073
                                                                                                                                                                                                  • Opcode ID: 7e4cee419da9ffef0788b89644261a978b7bbe1e3e359d9659beacb721536f73
                                                                                                                                                                                                  • Instruction ID: c72cfd986ac3301a5722ce882a01f986286ca7d0a6d92b22728a62946fe073ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e4cee419da9ffef0788b89644261a978b7bbe1e3e359d9659beacb721536f73
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBA16713A2C3E246D3689B15A1608BE7EB1EB50B45F044936EFFB83FA1DA2CE554D710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFE75A815F0), ref: 00007FFE75A812BB
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFE75A815F0), ref: 00007FFE75A8133E
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFE75A815F0), ref: 00007FFE75A8142B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                  • API String ID: 3510742995-2313493979
                                                                                                                                                                                                  • Opcode ID: 24143fa4fc9b1997727c2b2ed086da4a333c261e0fe8de78cae4c1239da31e1a
                                                                                                                                                                                                  • Instruction ID: 661a210550f1e7ad8de158fdf79ed1b52ae0b0876a386735d280646b10687af8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24143fa4fc9b1997727c2b2ed086da4a333c261e0fe8de78cae4c1239da31e1a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11B17B63A18B8186EB61CF15D4402A977A1FB99FA4F098235DA7C477E5EF38E190C340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6FCFBB), ref: 00007FF6EB6FD0EC
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EB6FCFBB), ref: 00007FF6EB6FD177
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492478506.00007FF6EB6E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492595178.00007FF6EB70B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB71E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492635085.00007FF6EB721000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2492708260.00007FF6EB724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6eb6e0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                  • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction ID: a1b538c4b22225fbc2996a9dcb849cfcde41c6d4d421ac77716eb8cd02873799
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41910673F1865295F750DF6594403BD2BA0BB48B88F244139DE0EA3AA5DF3EE442E706
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: $-$orized
                                                                                                                                                                                                  • API String ID: 3510742995-501658509
                                                                                                                                                                                                  • Opcode ID: 30b8af4081411863c740e03818bbe690f64ed1b862820e48f4dfe1df2aad18e0
                                                                                                                                                                                                  • Instruction ID: 46a3ad1fc4aab19fbacc0d019415b29a68d05d40d3f0c8f0a12d21214fc244e3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30b8af4081411863c740e03818bbe690f64ed1b862820e48f4dfe1df2aad18e0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D918923A2974A8AEB649F659440A7C63A0FF44F85F088535DE2E077B5DF3CE842D310
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: AND $<expr>$rowid
                                                                                                                                                                                                  • API String ID: 3510742995-4041574714
                                                                                                                                                                                                  • Opcode ID: 016c7c773bcf2607276abf59fe97fb2a5a6a2bda73357961292f296636e26e51
                                                                                                                                                                                                  • Instruction ID: 4aa8930d4eacbd8588f47e409ad16759c8cb394d3495957949679573f852e6c9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 016c7c773bcf2607276abf59fe97fb2a5a6a2bda73357961292f296636e26e51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFA1A733A287428AFB49CF29D49053877A2EB55F94F544835DA3A473A8DF7CE881C790
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 2221118986-3555682073
                                                                                                                                                                                                  • Opcode ID: ddd522a835a7b3969807c020dd25e39d58f4a69681c1d2fd4a34c70fbf19c214
                                                                                                                                                                                                  • Instruction ID: 911a36015099e2adb613cf3c5071f9e2017c031ac1a28240414590e4dd7c16dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddd522a835a7b3969807c020dd25e39d58f4a69681c1d2fd4a34c70fbf19c214
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0671591393C3E345E359AA25B5E04BD7E91EB11B05B044236EFFE536E1E92CE546D320
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  • API String ID: 0-3555682073
                                                                                                                                                                                                  • Opcode ID: 93c8a8b6178ca28517f437103b382abd13c678927534f00288c5f0f1f39f8efa
                                                                                                                                                                                                  • Instruction ID: 7f3daa6539832ee84a58ac8518d4507b9985f3f44b6ddd98c54768bbfb1210c9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93c8a8b6178ca28517f437103b382abd13c678927534f00288c5f0f1f39f8efa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3710663A38B4382FA659F12A44037A67A1FF84FC4F184435CAAD476B5EF3CE8468345
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: , $index '%q'
                                                                                                                                                                                                  • API String ID: 0-2319803734
                                                                                                                                                                                                  • Opcode ID: 093b74f7e6ef0e45855eee4bf8e6662458f8747194146369894fa9ecdfd75860
                                                                                                                                                                                                  • Instruction ID: cdd3e4406a27c12e4cd762d9f5959d4e7f3c0bbd4236d4fd9a3d08c3d0c39501
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 093b74f7e6ef0e45855eee4bf8e6662458f8747194146369894fa9ecdfd75860
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA619C33F287558AEB148B75D440ABC3BA0BB55B98F240639DE3E57BA9DF38D4418740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493023381.00007FFE759F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493478421.00007FFE75B1A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493673200.00007FFE75B47000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B4C000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2493710967.00007FFE75B5A000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: cannot detach database %s$database %s is locked$no such database: %s
                                                                                                                                                                                                  • API String ID: 3510742995-1259387423
                                                                                                                                                                                                  • Opcode ID: 22ecf6e61b1a1575a68ebd366276d266691b1ae0c72f89859ebf79af45cbd9a2
                                                                                                                                                                                                  • Instruction ID: dcbccc3faed7ba6476bd8ba96472cb62132429e58e4fb9b353dcc3d57e153662
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22ecf6e61b1a1575a68ebd366276d266691b1ae0c72f89859ebf79af45cbd9a2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B718F67A29B4286EB648B4AD04037963A2FF48F88F548135DF6D07BA5DF3DE496C340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75DCD000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494917275.00007FFE75D30000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75D31000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75D3D000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75D95000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75DA9000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75DB9000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2494950414.00007FFE75F7C000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495394111.00007FFE75F7E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495394111.00007FFE75FA9000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495394111.00007FFE75FDA000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495394111.00007FFE76000000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495394111.00007FFE76026000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495610994.00007FFE7604E000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495645829.00007FFE76054000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495683254.00007FFE76056000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495683254.00007FFE76072000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2495683254.00007FFE76076000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                  • String ID: content-type
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcmp
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: out of memory$string or blob too big
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID: $%!.15g$-
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2492542213.00007FF6EB6E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6EB6E0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6EB6F90B6
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF6EB6FA9B8: GetLastError.KERNEL32(?,?,?,00007FF6EB702D92,?,?,?,00007FF6EB702DCF,?,?,00000000,00007FF6EB703295,?,?,?,00007FF6EB7031C7), ref: 00007FF6EB6FA9D8
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6EB6ECC15), ref: 00007FF6EB6F90D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\LEmcGUQfA7.exe
                                                                                                                                                                                                  • API String ID: 3580290477-73785354
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                  • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction ID: 129fa04c7b08868fb20fe59c395c4a4259d36625c479b5afb26efe2458d55c02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E01712391C24785FF209F60946537E23A0EF4C758F941036D54DC6AB1EF3EE5148B1A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _msizerealloc
                                                                                                                                                                                                  • String ID: failed memory resize %u to %u bytes
                                                                                                                                                                                                  • API String ID: 2713192863-2134078882
                                                                                                                                                                                                  • Opcode ID: 3afd9f7e06eeca69acae76e5623c7c2da13c1c55625a694251ee82cf30644e66
                                                                                                                                                                                                  • Instruction ID: 1b8c259e3c734a0fb8caec2cfde260afd22e2c4e5aad863b2db73b716e049aae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3afd9f7e06eeca69acae76e5623c7c2da13c1c55625a694251ee82cf30644e66
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74E06D22B2978182EA948B16F5404796760AF48FD4B049134EE2E5BF79EF2CE586C780
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFE75F6AFEB,00000000,?,00000000,00007FFE75F6A289), ref: 00007FFE75F6B1BB
                                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFE75F6AFEB,00000000,?,00000000,00007FFE75F6A289), ref: 00007FFE75F6B203
                                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFE75F6AFEB,00000000,?,00000000,00007FFE75F6A289), ref: 00007FFE75F6B21D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2494950414.00007FFE75DCD000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFE75D30000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe75d30000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memchr
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3297308162-0
                                                                                                                                                                                                  • Opcode ID: c5e960affa148b692ef3d217ac06fb5c7be25dddca428b8f48f7e9c294a6392b
                                                                                                                                                                                                  • Instruction ID: cc9d195deac863dde9e058b3560ebbf3238f13a1f266e964981b27e2dde1127f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5e960affa148b692ef3d217ac06fb5c7be25dddca428b8f48f7e9c294a6392b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51919163B287C182EB588B56D485179A7A1FB89FC4F584036DF5C83B6ACF2DE945C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A3998A
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A399B5
                                                                                                                                                                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A399D1
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE75A3463C), ref: 00007FFE75A39A16
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 438689982-0
                                                                                                                                                                                                  • Opcode ID: 14a713ee5cd113428f72e39214c8690b72ae73852c469b2013c0843e6f4dad93
                                                                                                                                                                                                  • Instruction ID: dffb0ee318356c38c64fd885caf06a70f5b322ef63008ef20251be9eaf95f173
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14a713ee5cd113428f72e39214c8690b72ae73852c469b2013c0843e6f4dad93
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1091C233A28B428AE764CF16A441A7A7AA0FF84FD8F044135EEAD47BA5DF3CD4518740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2493058003.00007FFE759F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFE759F0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffe759f0000_LEmcGUQfA7.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3510742995-0
                                                                                                                                                                                                  • Opcode ID: 0bf67ce0f470c8c7484da0870ac3691e481175704d8e0679167e6ef8d397d838
                                                                                                                                                                                                  • Instruction ID: 5bac4bc790923e12c4437cb7a1ac434da1a4a0456162e57a78f0840b2c45a53a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bf67ce0f470c8c7484da0870ac3691e481175704d8e0679167e6ef8d397d838
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A091BB33A28B668AEA548F12A49422A67E4FF05FD4F485234EE7D07BE1DF3CE0508700