Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1587967
MD5: 37fcc1898fd2c1468fef8b616d2e4d56
SHA1: 2cb2bd61bb050dd87675543076a9f5693ddecb95
SHA256: 95f89677ac06e21b3fb760233e4a8caf5a49cad663bb9a4944a904dfa3debdab
Tags: exe, python, stealer, trojan, user-gesgov
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • setup.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: 37FCC1898FD2C1468FEF8B616D2E4D56)
    • conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • setup.exe (PID: 7912 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: 37FCC1898FD2C1468FEF8B616D2E4D56)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: setup.exe, Virustotal: Detection: 11%
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,3_2_00007FF820361393
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203D3480 CRYPTO_free,CRYPTO_strndup,3_2_00007FF8203D3480
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361EDD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF820361EDD
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF82036193D
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203B7570 CRYPTO_realloc,3_2_00007FF8203B7570
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82038D510 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,3_2_00007FF82038D510
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203621E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,3_2_00007FF8203621E9
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362469 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF820362469
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361181 CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF820361181
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362379 CRYPTO_free,3_2_00007FF820362379
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203620F4 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203620F4
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203D3650 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,3_2_00007FF8203D3650
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036F650 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,3_2_00007FF82036F650
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203CB660 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF8203CB660
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,3_2_00007FF82036110E
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820371620 CRYPTO_free,CRYPTO_strndup,3_2_00007FF820371620
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203A56D0 CRYPTO_free,3_2_00007FF8203A56D0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203612CB CRYPTO_THREAD_run_once,3_2_00007FF8203612CB
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203B1750 CRYPTO_free,CRYPTO_memdup,3_2_00007FF8203B1750
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203611BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,3_2_00007FF8203611BD
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,3_2_00007FF820361023
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203B77A0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203B77A0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C17A1 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,3_2_00007FF8203C17A1
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820377840 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF820377840
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820379870 CRYPTO_free,CRYPTO_strdup,3_2_00007FF820379870
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203D57FE CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8203D57FE
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,3_2_00007FF820361087
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203938C0 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203938C0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203613DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8203613DE
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,3_2_00007FF820361654
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036589C BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,3_2_00007FF82036589C
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203B1970 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,3_2_00007FF8203B1970
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203DB900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8203DB900
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036F910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,3_2_00007FF82036F910
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361E6A ERR_new,ERR_set_debug,CRYPTO_clear_free,3_2_00007FF820361E6A
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF820361A41
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203AD980 RAND_bytes_ex,CRYPTO_malloc,memset,3_2_00007FF8203AD980
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,3_2_00007FF82036105F
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203611DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,3_2_00007FF8203611DB
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203A9A60 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,3_2_00007FF8203A9A60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C3A60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,3_2_00007FF8203C3A60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820377A60 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,3_2_00007FF820377A60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203A3A00 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,3_2_00007FF8203A3A00
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361A15 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,3_2_00007FF820361A15
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203CBA20 CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203CBA20
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82038FAF0 CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,3_2_00007FF82038FAF0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203DBB70 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,3_2_00007FF8203DBB70
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203AFB00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,3_2_00007FF8203AFB00
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,3_2_00007FF82036155A
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820385B90 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF820385B90
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82038DBA0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,3_2_00007FF82038DBA0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C1B9F CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,3_2_00007FF8203C1B9F
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820375BB0 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,3_2_00007FF820375BB0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203619E7 CRYPTO_free,3_2_00007FF8203619E7
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF820361483
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,3_2_00007FF820361582
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820373CC0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF820373CC0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203623F1 CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,3_2_00007FF8203623F1
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362595 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF820362595
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820365C9B CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,3_2_00007FF820365C9B
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820375CB0 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,3_2_00007FF820375CB0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C3D20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,3_2_00007FF8203C3D20
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,3_2_00007FF820361CEE
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820385D20 CRYPTO_free,CRYPTO_free,3_2_00007FF820385D20
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361D89 CRYPTO_free,CRYPTO_memdup,3_2_00007FF820361D89
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203625DB CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,3_2_00007FF8203625DB
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362720 CRYPTO_free,CRYPTO_strdup,3_2_00007FF820362720
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,3_2_00007FF82036150F
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362310 ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,3_2_00007FF820362310
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036108C ERR_new,ERR_set_debug,CRYPTO_free,3_2_00007FF82036108C
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820385E10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF820385E10
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203CBE20 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203CBE20
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820365EE0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,3_2_00007FF820365EE0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362680 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,3_2_00007FF820362680
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036107D CRYPTO_free,3_2_00007FF82036107D
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820363EB0 CRYPTO_free,3_2_00007FF820363EB0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203CDF40 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,3_2_00007FF8203CDF40
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,3_2_00007FF820361B18
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,3_2_00007FF820361C53
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820375F20 CRYPTO_THREAD_run_once,3_2_00007FF820375F20
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C3F30 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,3_2_00007FF8203C3F30
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82037BF30 CRYPTO_memcmp,3_2_00007FF82037BF30
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361019 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF820361019
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036DFB5 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF82036DFB5
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203623EC CRYPTO_free,CRYPTO_memdup,3_2_00007FF8203623EC
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036202C CRYPTO_free,3_2_00007FF82036202C
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820386030 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF820386030
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203B80C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8203B80C0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820361361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,3_2_00007FF820361361
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82037C080 CRYPTO_free,CRYPTO_memdup,3_2_00007FF82037C080
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820362527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF820362527
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203C00A0 CRYPTO_free,CRYPTO_memdup,3_2_00007FF8203C00A0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203820A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,3_2_00007FF8203820A0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036E0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,3_2_00007FF82036E0AD
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820434D78 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,3_2_00007FF820434D78
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820435030 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,Py_BuildValue,ASN1_STRING_to_UTF8,_Py_Dealloc,Py_BuildValue,CRYPTO_free,3_2_00007FF820435030
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8321611E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyObject_GetBuffer,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,3_2_00007FF8321611E0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF832165DC0 CRYPTO_memcmp,3_2_00007FF832165DC0
Source: setup.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: setup.exe, 00000000.00000003.1295612778.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335293115.00007FF832883000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: setup.exe, 00000000.00000003.1295756413.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: setup.exe, 00000003.00000002.1326854800.00007FF8208AA000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: setup.exe, 00000000.00000003.1289612035.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: setup.exe, 00000003.00000002.1325644274.00007FF8203E5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: setup.exe, 00000000.00000003.1290283478.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: setup.exe, 00000000.00000003.1290283478.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: setup.exe, 00000000.00000003.1289070443.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: setup.exe, 00000000.00000003.1288812555.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: setup.exe, 00000003.00000002.1326854800.00007FF820812000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: setup.exe, 00000000.00000003.1288812555.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: setup.exe, 00000003.00000002.1326854800.00007FF8208AA000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: setup.exe, 00000000.00000003.1290450728.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1327912317.00007FF820979000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: setup.exe, 00000003.00000002.1329652386.00007FF820F49000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: setup.exe, 00000003.00000002.1325644274.00007FF8203E5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: setup.exe, 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00007FF702BC7800 FindFirstFileW, RemoveDirectoryW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00007FF702BC8840 FindFirstFileExW, FindClose
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00007FF702BE2AE4 _invalid_parameter_noinfo, FindFirstFileExW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF702BC8840 FindFirstFileExW, FindClose
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF702BE2AE4 _invalid_parameter_noinfo, FindFirstFileExW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF702BC7800 FindFirstFileW, RemoveDirectoryW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF820976940 memset, recvfrom
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1291830055.0000017F25DD6000.00000004.00000020.00020000.00000000.sdmp, libcrypto-3.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: setup.exe, 00000003.00000003.1311115498.0000020D97B88000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1310461355.0000020D97B91000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309910491.0000020D97B8C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1313123188.0000020D97B93000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1312304711.0000020D97E64000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1311442178.0000020D97E64000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1314807876.0000020D97E65000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309202080.0000020D97FA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1312992067.0000020D97B92000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309202080.0000020D97FBD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1312208898.0000020D97B8B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1314557227.0000020D97BDA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309279270.0000020D97E64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: setup.exe, 00000000.00000003.1289305529.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
Source: setup.exe, 00000003.00000003.1312170570.0000020D97F3C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1311223408.0000020D97F1C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1311664572.0000020D97F25000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309644156.0000020D97F11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: setup.exe, 00000003.00000002.1322537333.0000020D97D20000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: setup.exe, 00000003.00000002.1321865324.0000020D97964000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: setup.exe, 00000003.00000002.1321865324.0000020D97964000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: setup.exe, 00000003.00000002.1321865324.0000020D978E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: setup.exe, 00000003.00000003.1314860934.0000020D97AFA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322191347.0000020D97AFF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317469928.0000020D97AFE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317133673.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: setup.exe, 00000003.00000003.1314860934.0000020D97AFA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322191347.0000020D97AFF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322162465.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317469928.0000020D97AFE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317133673.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: setup.exe, 00000003.00000002.1321865324.0000020D97964000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: setup.exe, 00000003.00000003.1317133673.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: setup.exe, 00000003.00000003.1314860934.0000020D97AFA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322191347.0000020D97AFF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322162465.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317469928.0000020D97AFE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317133673.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: setup.exe, 00000003.00000003.1314860934.0000020D97AFA000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322191347.0000020D97AFF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1322162465.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317469928.0000020D97AFE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1317133673.0000020D97AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: setup.exe, 00000003.00000003.1297001365.0000020D97AE1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1323971624.0000020D98020000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1308461337.0000020D97F3F000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: setup.exe, 00000003.00000002.1329652386.00007FF820F49000.00000002.00000001.01000000.00000004.sdmp, python313.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1327696373.00007FF820954000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000003.00000002.1325729404.00007FF820420000.00000002.00000001.01000000.0000000B.sdmp, libcrypto-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: setup.exe, 00000003.00000002.1329652386.00007FF820F49000.00000002.00000001.01000000.00000004.sdmp, python313.dll.0.drString found in binary or memory: https://www.python.org/psf/license/)
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF8203DD425 appears 48 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF8203DD341 appears 1193 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF8203DD33B appears 43 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF8203DDB03 appears 45 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF8203DD32F appears 327 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF702BC1E50 appears 106 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF702BC2020 appears 34 times
Source: C:\Users\user\Desktop\setup.exe Code function: String function: 00007FF820361325 appears 464 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: setup.exe, 00000000.00000003.1293428889.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs setup.exe
Source: setup.exe, 00000000.00000003.1295612778.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1289305529.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1295756413.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1289612035.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1290283478.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1290450728.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1289070443.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1290618497.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs setup.exe
Source: setup.exe, 00000000.00000003.1288812555.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.exe
Source: setup.exe Binary or memory string: OriginalFilename vs setup.exe
Source: setup.exe, 00000003.00000002.1335006023.00007FF821182000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython313.dll. vs setup.exe
Source: setup.exe, 00000003.00000002.1335356187.00007FF832886000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs setup.exe
Source: setup.exe, 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs setup.exe
Source: setup.exe, 00000003.00000002.1327696373.00007FF820954000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs setup.exe
Source: setup.exe, 00000003.00000002.1325729404.00007FF820420000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenamelibsslH vs setup.exe
Source: setup.exe, 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs setup.exe
Source: setup.exe, 00000003.00000002.1328004422.00007FF820983000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs setup.exe
Source: setup.exe, 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.exe
Source: classification engineClassification label: mal52.winEXE@4/14@0/0
Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\Desktop\info.txtJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7820:120:WilError_03
Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI78122Jump to behavior
Source: setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\setup.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: setup.exeVirustotal: Detection: 11%
Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"Jump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: setup.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: setup.exeStatic file information: File size 7620450 > 1048576
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: setup.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: setup.exe, 00000000.00000003.1295612778.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335293115.00007FF832883000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: setup.exe, 00000000.00000003.1295756413.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: setup.exe, 00000003.00000002.1326854800.00007FF8208AA000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: setup.exe, 00000000.00000003.1289612035.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: setup.exe, 00000003.00000002.1325644274.00007FF8203E5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: setup.exe, 00000000.00000003.1290283478.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: setup.exe, 00000000.00000003.1290283478.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: setup.exe, 00000000.00000003.1289070443.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: setup.exe, 00000000.00000003.1288812555.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: setup.exe, 00000003.00000002.1326854800.00007FF820812000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: setup.exe, 00000000.00000003.1288812555.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: setup.exe, 00000003.00000002.1326854800.00007FF8208AA000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: setup.exe, 00000000.00000003.1290450728.0000017F25DCE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.1327912317.00007FF820979000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: setup.exe, 00000003.00000002.1329652386.00007FF820F49000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: setup.exe, 00000003.00000002.1325644274.00007FF8203E5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: setup.exe, 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: setup.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python313.dll.0.dr Static PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF820384331 push rcx; ret 3_2_00007FF820384332

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\setup.exe Process created: "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_socket.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_lzma.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\select.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_ssl.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\libcrypto-3.dll
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_bz2.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_decimal.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\_hashlib.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\unicodedata.pyd
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\libssl-3.dll
Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\_MEI78122\python313.dll
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BC4C40 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF702BC4C40
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8203A8816 sgdt fword ptr [rax]3_2_00007FF8203A8816
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_socket.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_lzma.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\select.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_ssl.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_bz2.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_decimal.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\_hashlib.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\unicodedata.pyd
Source: C:\Users\user\Desktop\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI78122\python313.dll
Source: C:\Users\user\Desktop\setup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18702
Source: C:\Users\user\Desktop\setup.exeAPI coverage: 0.5 %
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BC7800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF702BC7800
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BC8840 FindFirstFileExW,FindClose,0_2_00007FF702BC8840
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BE2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF702BE2AE4
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BC8840 FindFirstFileExW,FindClose,3_2_00007FF702BC8840
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BE2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF702BE2AE4
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BC7800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF702BC7800
Source: setup.exe, 00000003.00000003.1313684033.0000020D97EF3000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1311817084.0000020D97EF1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1312653648.0000020D97EF2000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1308514549.0000020D97EEF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309279270.0000020D97EEF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1309858009.0000020D97EEF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1320586144.0000020D97EF7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000003.1311251257.0000020D97EEF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BDB558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF702BDB558
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BE46F0 GetProcessHeap,0_2_00007FF702BE46F0
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BCC8A0 SetUnhandledExceptionFilter,0_2_00007FF702BCC8A0
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BCC6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF702BCC6FC
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BCBE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF702BCBE60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BCC8A0 SetUnhandledExceptionFilter,3_2_00007FF702BCC8A0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BDB558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF702BDB558
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BCC6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF702BCC6FC
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF702BCBE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF702BCBE60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82036212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF82036212B
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF82043339C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF82043339C
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820432970 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF820432970
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820973318 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF820973318
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF820972D60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF820972D60
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF832164390 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF832164390
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF832163DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF832163DD0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF832881AA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF832881AA0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF8328814E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8328814E0
Source: C:\Users\user\Desktop\setup.exeCode function: 3_2_00007FF833AC0E08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF833AC0E08
Source: C:\Users\user\Desktop\setup.exe Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00007FF702BEA7E0 cpuid 0_2_00007FF702BEA7E0
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\Desktop\setup.exe VolumeInformation
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122 VolumeInformation
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\Desktop\info.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\Desktop\setup.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\Desktop\setup.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI78122 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00007FF702BCC5E0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF702BCC5E0
Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_00007FF702BE70EC _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF702BE70EC
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF8209753DC PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,3_2_00007FF8209753DC
Source: C:\Users\user\Desktop\setup.exe Code function: 3_2_00007FF820976424 PyArg_ParseTuple,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,3_2_00007FF820976424
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: System Time Discovery (2); Security Software Discovery (21); Virtualization/Sandbox Evasion (1); File and Directory Discovery (1); System Information Discovery (22); Wi-Fi Discovery; Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: Encrypted Channel (2); Ingress Tool Transfer (1); Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Behavior Graph (ID: 1587967; Sample: setup.exe; Startdate: 10/01/2025; Architecture: WINDOWS; Score: 52)
Signatures: Multi AV Scanner detection for submitted file; Found pyInstaller with non standard icon
Processes: setup.exe started setup.exe and conhost.exe
Dropped files: C:\Users\user\AppData\...\unicodedata.pyd (PE32+); C:\Users\user\AppData\Local\...\select.pyd (PE32+); C:\Users\user\AppData\Local\...\python313.dll (PE32+); 9 other files (none is malicious)

Source | Detection | Scanner | Label
setup.exe | 11% | Virustotal |
setup.exe | 11% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\_MEI78122\VCRUNTIME140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\VCRUNTIME140.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI78122\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\_bz2.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI78122\_decimal.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\_decimal.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI78122\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\_ssl.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\libcrypto-3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\libssl-3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\python313.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI78122\unicodedata.pyd | 0% | ReversingLabs |

No Antivirus matches
No contacted domains info
No contacted IP infos

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1587967
Start date and time: 2025-01-10 19:54:41 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: setup.exe
Detection: MAL
Classification: mal52.winEXE@4/14@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
No simulations
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI78122\VCRUNTIME140.dll | driver.exe | malicious | Blank Grabber
 | SAP_Automation.exe | malicious | Unknown
 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc
 | user.exe | malicious | Unknown
 | UpdaterTool.exe | malicious | Unknown
 | paint.exe | malicious | Blank Grabber
 | 3LcZO15oTC.exe | malicious | Unknown
 | X9g8L63QGs.exe | malicious | Blank Grabber
 | riFSkYVMKB.exe | malicious | Blank Grabber
 | mcgen.exe | malicious | Blank Grabber

Process: C:\Users\user\Desktop\setup.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 120400
Entropy (8bit): 6.6017475353076716
Encrypted: false
SSDEEP: 1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5: 862F820C3251E4CA6FC0AC00E4092239
SHA1: EF96D84B253041B090C243594F90938E9A487A9A
SHA-256: 36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512: 2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: driver.exe, Detection: malicious
• Filename: SAP_Automation.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: user.exe, Detection: malicious
• Filename: UpdaterTool.exe, Detection: malicious
• Filename: paint.exe, Detection: malicious
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: X9g8L63QGs.exe, Detection: malicious
• Filename: riFSkYVMKB.exe, Detection: malicious
• Filename: mcgen.exe, Detection: malicious
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\setup.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 85496
Entropy (8bit): 6.614481743039511
Encrypted: false
SSDEEP: 1536:XEfz7lgmVLsSIX0qku0Spf72hbktIj865spLFImLV7yUzR9AfIIoT:0fz1IX8FS12itIA66pLFImLV5X
MD5: C17DCB7FC227601471A641EC90E6237F
SHA1: C93A8C2430E844F40F1D9C880AA74612409FFBB9
SHA-256: 55894B2B98D01F37B9A8CF4DAF926D0161FF23C2FB31C56F9DBBAC3A61932712
SHA-512: 38851CBD234A51394673A7514110EB43037B4E19D2A6FB79471CC7D01DBCF2695E70DF4BA2727C69F1FED56FC7980E3CA37FDDFF73CC3294A2EA44FACDEB0FA9
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Reputation: low

Process: C:\Users\user\Desktop\setup.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 280808
Entropy (8bit): 6.594541687872342
Encrypted: false
SSDEEP: 6144:ZtC0Z5JA0/8cyMn9qWM53pLW1Acr8sJMIsgVFe:DbJAy86a9diFe
MD5: AD4324E5CC794D626FFCCDA544A5A833
SHA1: EF925E000383B6CAD9361430FC38264540D434A5
SHA-256: 040F361F63204B55C17A100C260C7DDFADD00866CC055FBD641B83A6747547D5
SHA-512: 0A002B79418242112600B9246DA66A5C04651AECB2E245F0220B2544D7B7DF67A20139F45DDF2D4E7759CE8CC3D6B4BE7F98B0A221C756449EB1B6D7AF602325
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Reputation: low

Process: C:\Users\user\Desktop\setup.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 65528
Entropy (8bit): 6.228447315858868
Encrypted: false
SSDEEP: 1536:2LDxflFwY9XDhnuVNv1dImvIqyUzR9yRfIPF:2J92ATMVNv1dImvI5qd
MD5: 422E214CA76421E794B99F99A374B077
SHA1: 58B24448AB889948303CDEFE28A7C697687B7EBC
SHA-256: 78223AEF72777EFC93C739F5308A3FC5DE28B7D10E6975B8947552A62592772B
SHA-512: 03FCCCC5A300CC029BEF06C601915FA38604D955995B127B5B121CB55FB81752A8A1EEC4B1B263BA12C51538080335DABAEF9E2B8259B4BF02AF84A680552FA0
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):159224
                                                                  Entropy (8bit):6.86011233030861
                                                                  Encrypted:false
                                                                  SSDEEP:3072:kn18fe1+/ol6s/7NjQWzjUZ1/oPEznfB9mNo7r0J0q4BcFIm01zwWO:k0s0Ef0gS5YO7ICq4BcYw
                                                                  MD5:66A9028EFD1BB12047DAFCE391FD6198
                                                                  SHA1:E0B61CE28EA940F1F0D5247D40ABE61AE2B91293
                                                                  SHA-256:E44DEA262A24DF69FD9B50B08D09AE6F8B051137CE0834640C977091A6F9FCA8
                                                                  SHA-512:3C2A4E2539933CBEB1D0B3C8EF14F0563675FD53B6EF487C7A5371DFE2EE1932255F91DB598A61AAADACD8DC2FE2486A91F586542C52DFC054B22AD843831D1E
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):84984
                                                                  Entropy (8bit):6.333897580970998
                                                                  Encrypted:false
                                                                  SSDEEP:1536:auV3gvWHQdMq3ORC/OypTNQlyJ+9+nzLYwsSI6tzOCu5ImywwyUzR9EtfI5gn:auVQvcQTSypTNQlyJs+nzLYaI6Qt5ImX
                                                                  MD5:ABF998769F3CBA685E90FA06E0EC8326
                                                                  SHA1:DAA66047CF22B6BE608127F8824E59B30C9026BF
                                                                  SHA-256:62D0493CED6CA33E2FD8141649DD9889C23B2E9AFC5FDF56EDB4F888C88FB823
                                                                  SHA-512:08C6B3573C596A15ACCF4936533567415198A0DAAB5B6E9824B820FD1F078233BBC3791FDE6971489E70155F7C33C1242B0B0A3A17FE2EC95B9FADAE555ED483
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):183152
                                                                  Entropy (8bit):5.997266895709134
                                                                  Encrypted:false
                                                                  SSDEEP:3072:t1xR+3mH45blLE2fB6C5OnLEH8ui1ba+VRJNI7IM/H9o/PCrXuIJMUFImL7O1Vx:ro245+qB6C5PcuijTGr2x
                                                                  MD5:CF541CC288AC0BEC9B682A2E0011D1FF
                                                                  SHA1:EF0DD009FDAD14B3F6063619112DCDFAFB17186D
                                                                  SHA-256:E94F0195363C5C9BABFC4C17EC6FB1AA8BBABF59E377DB66CE6A79C4C58BBD07
                                                                  SHA-512:F97E7FC644356BEBE7E3DEAA46B7DE61118B13AF99C9E91D0FBCBE3CAEA0C941265BCB28FEE31A22FC3031C6428517C5202C1425654F3C2CD234979C9E3C04B8
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                  Category:dropped
                                                                  Size (bytes):1396821
                                                                  Entropy (8bit):5.531015514770172
                                                                  Encrypted:false
                                                                  SSDEEP:12288:0W7WpzO6etYzGNcT1pz3YQfiBgDPtLwjFx278SAZQYF93BGfL+DuWFnjVpdxhYVd:l7WpzZSeT1xTYF9f5pdxhYVP05WdZ7
                                                                  MD5:18C3F8BF07B4764D340DF1D612D28FAD
                                                                  SHA1:FC0E09078527C13597C37DBEA39551F72BBE9AE8
                                                                  SHA-256:6E30043DFA5FAF9C31BD8FB71778E8E0701275B620696D29AD274846676B7175
                                                                  SHA-512:135B97CD0284424A269C964ED95B06D338814E5E7B2271B065E5EABF56A8AF4A213D863DD2A1E93C1425FADB1B20E6C63FFA6E8984156928BE4A9A2FBBFD5E93
                                                                  Malicious:false
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):5232408
                                                                  Entropy (8bit):5.940072183736028
                                                                  Encrypted:false
                                                                  SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                  MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                  SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                  SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                  SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):792856
                                                                  Entropy (8bit):5.57949182561317
                                                                  Encrypted:false
                                                                  SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                  MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                  SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                  SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                  SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):6093816
                                                                  Entropy (8bit):6.129208926967787
                                                                  Encrypted:false
                                                                  SSDEEP:98304:IDcLwZ+b7nYp4zwSL3TvGnYSBvxHDMiEZ10i:IDgt7nYpvu3TvJik0i
                                                                  MD5:3AAD23292404A7038EB07CE5A6348256
                                                                  SHA1:35CAC5479699B28549EBE36C1D064BFB703F0857
                                                                  SHA-256:78B1DD211C0E66A0603DF48DA2C9B67A915AB3258701B9285D3FAA255ED8DC25
                                                                  SHA-512:F5B6EF04E744D2C98C1EF9402D7A8CE5CDA3B008837CF2C37A8B6D0CD1B188CA46585A40B2DB7ACF019F67E6CED59EFF5BC86E1AAF48D3C3B62FECF37F3AEC6B
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):32248
                                                                  Entropy (8bit):6.547651395731859
                                                                  Encrypted:false
                                                                  SSDEEP:768:QCy9Hf68Z5Im9G9JyUFRYT2Ip4HCxf1mlzzTz:QCy9/68Z5Im9G3yUzR9YfIPv
                                                                  MD5:62FE3761D24B53D98CC9B0CBBD0FEB7C
                                                                  SHA1:317344C9EDF2FCFA2B9BC248A18F6E6ACEDAFFFB
                                                                  SHA-256:81F124B01A85882E362A42E94A13C0EFF2F4CCD72D461821DC5457A789554413
                                                                  SHA-512:A1D3DA17937087AF4E5980D908ED645D4EA1B5F3EBFAB5C572417DF064707CAE1372B331C7096CC8E2E041DB9315172806D3BC4BB425C6BB4D2FA55E00524881
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):711912
                                                                  Entropy (8bit):5.867548153768221
                                                                  Encrypted:false
                                                                  SSDEEP:12288:LY4dLI/X77mvfldCKGihH32W3cnPSqrUgLnm:LY4W7qNxr3cnPXLnm
                                                                  MD5:43B8B61DEBBC6DD93124A00DDD922D8C
                                                                  SHA1:5DEE63D250AC6233AAC7E462EEE65C5326224F01
                                                                  SHA-256:3F462EE6E7743A87E5791181936539642E3761C55DE3DE980A125F91FE21F123
                                                                  SHA-512:DD4791045CF887E6722FEAE4442C38E641F19EC994A8EAF7667E9DF9EA84378D6D718CAF3390F92443F6BBF39840C150121BB6FA896C4BADD3F78F1FFE4DE19D
                                                                  Malicious:false
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Process:C:\Users\user\Desktop\setup.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):79
                                                                  Entropy (8bit):4.694948469148376
                                                                  Encrypted:false
                                                                  SSDEEP:3:GtBFReNmI4SG/AuF5QEyn:8MmI4SG43
                                                                  MD5:94F16E7FC8A3280B12B01DDEC85FC1DC
                                                                  SHA1:D0B504A38CBDA21ECB1BD0AED6927462F31ADF62
                                                                  SHA-256:A62986AB8A5B2791B77246DB1AF88E30B42BBDBB473FA63619C4804B4ADB0535
                                                                  SHA-512:C341F5E00F972C68576D26A309B338256FDDE62FC642E3A842F86CED6BB8A65D1226B92ADD37EFF47A788F0B6F7EAD5EC7489E4830FEC0A8E1420A33F5306582
                                                                  Malicious:false
                                                                  Preview:[PYI-7912:ERROR] Failed to execute script 'setup' due to unhandled exception!..
                                                                  File type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Entropy (8bit):7.990713087443098
                                                                  TrID:
                                                                  • Win64 Executable Console (202006/5) 92.65%
                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:setup.exe
                                                                  File size:7'620'450 bytes
                                                                  MD5:37fcc1898fd2c1468fef8b616d2e4d56
                                                                  SHA1:2cb2bd61bb050dd87675543076a9f5693ddecb95
                                                                  SHA256:95f89677ac06e21b3fb760233e4a8caf5a49cad663bb9a4944a904dfa3debdab
                                                                  SHA512:61620f45b080d6377f499bb4c6d6b7fe420c0a71b577e70c63ebd0b99655c228e84c1fdf170960352ac3eea852d84d14996638af1dfa271f1b3ac41c5749a01e
                                                                  SSDEEP:196608:JCz8AkdaXMCHGLLc54i1wN+VrRRu7NtbFRKnZMZDGhmsPwlnJnTN8:+AcXMCHWUjtrRQ7XbFsn6ZqEPpN
                                                                  TLSH:F476334563B115F9FEB3513EC9E0ED3AC265BC6927B0C68363E84B632E131D9693D221
                                                                  Icon Hash:2e1e7c4c4c61e979
                                                                  Entrypoint:0x14000c380
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x140000000
                                                                  Subsystem:windows cui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x678162A2 [Fri Jan 10 18:10:42 2025 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:6
                                                                  OS Version Minor:0
                                                                  File Version Major:6
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:6
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:a06f302f71edd380da3d5bf4a6d94ebd
                                                                  Instruction
                                                                  dec eax
                                                                  sub esp, 28h
                                                                  call 00007EFC5C4C849Ch
                                                                  dec eax
                                                                  add esp, 28h
                                                                  jmp 00007EFC5C4C80AFh
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  dec eax
                                                                  sub esp, 28h
                                                                  call 00007EFC5C4C8828h
                                                                  test eax, eax
                                                                  je 00007EFC5C4C8263h
                                                                  dec eax
                                                                  mov eax, dword ptr [00000030h]
                                                                  dec eax
                                                                  mov ecx, dword ptr [eax+08h]
                                                                  jmp 00007EFC5C4C8247h
                                                                  dec eax
                                                                  cmp ecx, eax
                                                                  je 00007EFC5C4C8256h
                                                                  xor eax, eax
                                                                  dec eax
                                                                  cmpxchg dword ptr [000381ACh], ecx
                                                                  jne 00007EFC5C4C8230h
                                                                  xor al, al
                                                                  dec eax
                                                                  add esp, 28h
                                                                  ret
                                                                  mov al, 01h
                                                                  jmp 00007EFC5C4C8239h
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  dec eax
                                                                  sub esp, 28h
                                                                  test ecx, ecx
                                                                  jne 00007EFC5C4C8249h
                                                                  mov byte ptr [00038195h], 00000001h
                                                                  call 00007EFC5C4C7985h
                                                                  call 00007EFC5C4C8C40h
                                                                  test al, al
                                                                  jne 00007EFC5C4C8246h
                                                                  xor al, al
                                                                  jmp 00007EFC5C4C8256h
                                                                  call 00007EFC5C4D714Fh
                                                                  test al, al
                                                                  jne 00007EFC5C4C824Bh
                                                                  xor ecx, ecx
                                                                  call 00007EFC5C4C8C50h
                                                                  jmp 00007EFC5C4C822Ch
                                                                  mov al, 01h
                                                                  dec eax
                                                                  add esp, 28h
                                                                  ret
                                                                  int3
                                                                  int3
                                                                  inc eax
                                                                  push ebx
                                                                  dec eax
                                                                  sub esp, 20h
                                                                  cmp byte ptr [0003815Ch], 00000000h
                                                                  mov ebx, ecx
                                                                  jne 00007EFC5C4C82A9h
                                                                  cmp ecx, 01h
                                                                  jnbe 00007EFC5C4C82ACh
                                                                  call 00007EFC5C4C879Eh
                                                                  test eax, eax
                                                                  je 00007EFC5C4C826Ah
                                                                  test ebx, ebx
                                                                  jne 00007EFC5C4C8266h
                                                                  dec eax
                                                                  lea ecx, dword ptr [00038146h]
                                                                  call 00007EFC5C4D6F42h

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e9ec | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0xef8c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x22bc | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x768 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3bfb0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3be70 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x400 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b170 | 0x2b200 | 420661550c659f884db561712e500aae | False | 0.5455615942028985 | data | 6.498595774489571 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2d000 | 0x12802 | 0x12a00 | b8d821964fcf50f90055cd52cbe00a14 | False | 0.5229393875838926 | data | 5.768424560915416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0x5408 | 0xe00 | aff56347f897785154c53727472c548d | False | 0.13504464285714285 | data | 1.8315705466577277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x46000 | 0x22bc | 0x2400 | 2411a276649fc67a0a93227155911735 | False | 0.4740668402777778 | data | 5.334571311334213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x49000 | 0xef8c | 0xf000 | 5d72e0338b034862f777c781ab7d2219 | False | 0.8010091145833333 | data | 7.3501462320035476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x58000 | 0x768 | 0x800 | 42d6242177dbae8e11ed5d64b87d0d48 | False | 0.5576171875 | data | 5.268722219019965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x49208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371
RT_ICON | 0x4a0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116
RT_ICON | 0x4a958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953
RT_ICON | 0x4aec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983
RT_ICON | 0x53f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397
RT_ICON | 0x56504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107
RT_ICON | 0x575ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383
RT_GROUP_ICON | 0x57a14 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x57a7c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | TranslateMessage, ShutdownBlockReasonCreate, GetWindowThreadProcessId, SetWindowLongPtrW, GetWindowLongPtrW, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, GetMessageW
KERNEL32.dll | GetTimeZoneInformation, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetStringTypeW, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, HeapSize, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetDriveTypeW, IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW

                                                                  No network behavior found

                                                                  Target ID:0
                                                                  Start time:13:55:34
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\setup.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\setup.exe"
                                                                  Imagebase:0x7ff702bc0000
                                                                  File size:7'620'450 bytes
                                                                  MD5 hash:37FCC1898FD2C1468FEF8B616D2E4D56
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:1
                                                                  Start time:13:55:34
                                                                  Start date:10/01/2025
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff620390000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:3
                                                                  Start time:13:55:35
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\setup.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\Desktop\setup.exe"
                                                                  Imagebase:0x7ff702bc0000
                                                                  File size:7'620'450 bytes
                                                                  MD5 hash:37FCC1898FD2C1468FEF8B616D2E4D56
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                    Execution Graph

                                                                    Execution Coverage:9.1%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:16.1%
                                                                    Total number of Nodes:2000
                                                                    Total number of Limit Nodes:70
17505->17508 17510 7ff702bc3339 17507->17510 17514 7ff702bc3295 17507->17514 17981 7ff702bc2720 17508->17981 17513 7ff702bc7f80 40 API calls 17510->17513 17513->17543 17514->17543 17907 7ff702bc6200 17514->17907 17543->17500 17543->17502 17555 7ff702bdaa9c 17554->17555 17556 7ff702bdaa7b 17554->17556 20002 7ff702bdb358 17555->20002 17556->17387 17560 7ff702bcc85d 17559->17560 17560->17396 17563 7ff702bcc571 17561->17563 17562 7ff702bcc326 17562->17385 17563->17562 17564 7ff702bcce18 7 API calls 17563->17564 17564->17562 17566 7ff702bcc722 _isindst memcpy_s 17565->17566 17567 7ff702bcc741 RtlCaptureContext RtlLookupFunctionEntry 17566->17567 17568 7ff702bcc7a6 memcpy_s 17567->17568 17569 7ff702bcc76a RtlVirtualUnwind 17567->17569 17570 7ff702bcc7d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17568->17570 17569->17568 17571 7ff702bcc826 _isindst 17570->17571 17571->17383 17573 7ff702be471c 17572->17573 17574 7ff702bcc402 17573->17574 17582 7ff702bdd420 17573->17582 17574->17402 17576 7ff702bcce18 17574->17576 17577 7ff702bcce20 17576->17577 17578 7ff702bcce2a 17576->17578 17594 7ff702bcd1b4 17577->17594 17578->17402 17593 7ff702be1548 EnterCriticalSection 17582->17593 17595 7ff702bcd1c3 17594->17595 17596 7ff702bcce25 17594->17596 17602 7ff702bcd3f0 17595->17602 17598 7ff702bcd220 17596->17598 17599 7ff702bcd24b 17598->17599 17600 7ff702bcd24f 17599->17600 17601 7ff702bcd22e DeleteCriticalSection 17599->17601 17600->17578 17601->17599 17606 7ff702bcd258 17602->17606 17607 7ff702bcd342 TlsFree 17606->17607 17613 7ff702bcd29c __vcrt_InitializeCriticalSectionEx 17606->17613 17608 7ff702bcd2ca LoadLibraryExW 17610 7ff702bcd2eb GetLastError 17608->17610 17611 7ff702bcd369 17608->17611 17609 7ff702bcd389 GetProcAddress 17609->17607 17610->17613 17611->17609 17612 7ff702bcd380 FreeLibrary 17611->17612 17612->17609 17613->17607 17613->17608 17613->17609 17614 7ff702bcd30d LoadLibraryExW 17613->17614 17614->17611 17614->17613 17616 7ff702bda161 
17615->17616 17617 7ff702bda15d 17615->17617 17636 7ff702be3cac GetEnvironmentStringsW 17616->17636 17617->17408 17628 7ff702bda508 17617->17628 17620 7ff702bda16e 17623 7ff702bdb464 __free_lconv_num 11 API calls 17620->17623 17621 7ff702bda17a 17643 7ff702bda2c8 17621->17643 17623->17617 17625 7ff702bdb464 __free_lconv_num 11 API calls 17626 7ff702bda1a1 17625->17626 17627 7ff702bdb464 __free_lconv_num 11 API calls 17626->17627 17627->17617 17629 7ff702bda52b 17628->17629 17631 7ff702bda542 17628->17631 17629->17408 17630 7ff702be0b10 MultiByteToWideChar _fread_nolock 17630->17631 17631->17629 17631->17630 17632 7ff702bdfe04 _get_daylight 11 API calls 17631->17632 17633 7ff702bda5b6 17631->17633 17635 7ff702bdb464 __free_lconv_num 11 API calls 17631->17635 17632->17631 17634 7ff702bdb464 __free_lconv_num 11 API calls 17633->17634 17634->17629 17635->17631 17637 7ff702bda166 17636->17637 17638 7ff702be3cd0 17636->17638 17637->17620 17637->17621 17639 7ff702bde6c4 _fread_nolock 12 API calls 17638->17639 17640 7ff702be3d07 memcpy_s 17639->17640 17641 7ff702bdb464 __free_lconv_num 11 API calls 17640->17641 17642 7ff702be3d27 FreeEnvironmentStringsW 17641->17642 17642->17637 17644 7ff702bda2f0 17643->17644 17645 7ff702bdfe04 _get_daylight 11 API calls 17644->17645 17658 7ff702bda32b 17645->17658 17646 7ff702bda333 17647 7ff702bdb464 __free_lconv_num 11 API calls 17646->17647 17648 7ff702bda182 17647->17648 17648->17625 17649 7ff702bda3ad 17650 7ff702bdb464 __free_lconv_num 11 API calls 17649->17650 17650->17648 17651 7ff702bdfe04 _get_daylight 11 API calls 17651->17658 17652 7ff702bda39c 17671 7ff702bda3e4 17652->17671 17656 7ff702bdb464 __free_lconv_num 11 API calls 17656->17646 17657 7ff702bda3d0 17659 7ff702bdb844 _isindst 17 API calls 17657->17659 17658->17646 17658->17649 17658->17651 17658->17652 17658->17657 17660 7ff702bdb464 __free_lconv_num 11 API calls 17658->17660 17662 7ff702be16e4 17658->17662 17661 7ff702bda3e2 17659->17661 17660->17658 17663 
7ff702be16f1 17662->17663 17664 7ff702be16fb 17662->17664 17663->17664 17669 7ff702be1717 17663->17669 17665 7ff702bd5e48 _get_daylight 11 API calls 17664->17665 17666 7ff702be1703 17665->17666 17667 7ff702bdb824 _invalid_parameter_noinfo 37 API calls 17666->17667 17668 7ff702be170f 17667->17668 17668->17658 17669->17668 17670 7ff702bd5e48 _get_daylight 11 API calls 17669->17670 17670->17666 17672 7ff702bda3a4 17671->17672 17673 7ff702bda3e9 17671->17673 17672->17656 17674 7ff702bda412 17673->17674 17675 7ff702bdb464 __free_lconv_num 11 API calls 17673->17675 17676 7ff702bdb464 __free_lconv_num 11 API calls 17674->17676 17675->17673 17676->17672 17680 7ff702be06f0 17677->17680 17678 7ff702be0743 17679 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 17678->17679 17683 7ff702be076c 17679->17683 17680->17678 17681 7ff702be0796 17680->17681 17994 7ff702be05c8 17681->17994 17683->17415 18002 7ff702bcbe10 17684->18002 17687 7ff702bc2ad0 18004 7ff702bc8840 FindFirstFileExW 17687->18004 17688 7ff702bc2aab GetLastError 18009 7ff702bc2310 17688->18009 17692 7ff702bc2ae3 18026 7ff702bc88c0 CreateFileW 17692->18026 17693 7ff702bc2b3d 18039 7ff702bc8a00 17693->18039 17695 7ff702bcbb10 _log10_special 8 API calls 17698 7ff702bc2b75 17695->17698 17698->17460 17706 7ff702bc1930 17698->17706 17699 7ff702bc2b4b 17702 7ff702bc1f30 78 API calls 17699->17702 17705 7ff702bc2ac6 17699->17705 17700 7ff702bc2af4 18029 7ff702bc1f30 17700->18029 17702->17705 17704 7ff702bc2b0c __vcrt_InitializeCriticalSectionEx 17704->17693 17705->17695 17707 7ff702bc39d0 108 API calls 17706->17707 17708 7ff702bc1965 17707->17708 17709 7ff702bc1c23 17708->17709 17711 7ff702bc73d0 83 API calls 17708->17711 17710 7ff702bcbb10 _log10_special 8 API calls 17709->17710 17713 7ff702bc1c3e 17710->17713 17712 7ff702bc19ab 17711->17712 17755 7ff702bc19e3 17712->17755 18415 7ff702bcfc2c 17712->18415 17713->17422 17713->17423 17715 7ff702bcf5a4 74 API calls 17715->17709 17716 7ff702bc19c5 17717 7ff702bc19c9 
17716->17717 17718 7ff702bc19e8 17716->17718 17719 7ff702bd5e48 _get_daylight 11 API calls 17717->17719 18419 7ff702bcf8f4 17718->18419 17721 7ff702bc19ce 17719->17721 18422 7ff702bc2020 17721->18422 17724 7ff702bc1a06 17726 7ff702bd5e48 _get_daylight 11 API calls 17724->17726 17725 7ff702bc1a25 17728 7ff702bc1a3c 17725->17728 17729 7ff702bc1a5b 17725->17729 17727 7ff702bc1a0b 17726->17727 17730 7ff702bc2020 87 API calls 17727->17730 17731 7ff702bd5e48 _get_daylight 11 API calls 17728->17731 17732 7ff702bc1c60 49 API calls 17729->17732 17730->17755 17733 7ff702bc1a41 17731->17733 17734 7ff702bc1a72 17732->17734 17735 7ff702bc2020 87 API calls 17733->17735 17736 7ff702bc1c60 49 API calls 17734->17736 17735->17755 17737 7ff702bc1abd 17736->17737 17738 7ff702bcfc2c 73 API calls 17737->17738 17739 7ff702bc1ae1 17738->17739 17740 7ff702bc1af6 17739->17740 17741 7ff702bc1b15 17739->17741 17742 7ff702bd5e48 _get_daylight 11 API calls 17740->17742 17743 7ff702bcf8f4 _fread_nolock 53 API calls 17741->17743 17744 7ff702bc1afb 17742->17744 17745 7ff702bc1b2a 17743->17745 17746 7ff702bc2020 87 API calls 17744->17746 17747 7ff702bc1b30 17745->17747 17748 7ff702bc1b4f 17745->17748 17746->17755 17750 7ff702bd5e48 _get_daylight 11 API calls 17747->17750 18437 7ff702bcf668 17748->18437 17752 7ff702bc1b35 17750->17752 17753 7ff702bc2020 87 API calls 17752->17753 17753->17755 17754 7ff702bc1e50 81 API calls 17754->17755 17755->17715 17755->17755 17757 7ff702bc7e7a 17756->17757 17758 7ff702bc8950 2 API calls 17757->17758 17759 7ff702bc7e99 GetEnvironmentVariableW 17758->17759 17760 7ff702bc7f02 17759->17760 17761 7ff702bc7eb6 ExpandEnvironmentStringsW 17759->17761 17763 7ff702bcbb10 _log10_special 8 API calls 17760->17763 17761->17760 17762 7ff702bc7ed8 17761->17762 17764 7ff702bc8a00 2 API calls 17762->17764 17765 7ff702bc7f14 17763->17765 17766 7ff702bc7eea 17764->17766 17765->17432 17767 7ff702bcbb10 _log10_special 8 API calls 17766->17767 17768 7ff702bc7efa 17767->17768 
17768->17432 17770 7ff702bc85d5 17769->17770 18701 7ff702bc7bb0 GetCurrentProcess OpenProcessToken 17770->18701 17773 7ff702bc7bb0 7 API calls 17774 7ff702bc8601 17773->17774 17775 7ff702bc8634 17774->17775 17776 7ff702bc861a 17774->17776 17778 7ff702bc1d50 48 API calls 17775->17778 17777 7ff702bc1d50 48 API calls 17776->17777 17779 7ff702bc8632 17777->17779 17780 7ff702bc8647 LocalFree LocalFree 17778->17780 17779->17780 17781 7ff702bc8663 17780->17781 17783 7ff702bc866f 17780->17783 18711 7ff702bc2220 17781->18711 17784 7ff702bcbb10 _log10_special 8 API calls 17783->17784 17785 7ff702bc3099 17784->17785 17785->17481 17786 7ff702bc7ca0 17785->17786 17787 7ff702bc7cb8 17786->17787 17788 7ff702bc7d3a GetTempPathW GetCurrentProcessId 17787->17788 17789 7ff702bc7cdc 17787->17789 18722 7ff702bc8760 17788->18722 17791 7ff702bc7e70 14 API calls 17789->17791 17820 7ff702bc8972 MultiByteToWideChar 17819->17820 17822 7ff702bc8996 17819->17822 17820->17822 17823 7ff702bc89ac __std_exception_destroy 17820->17823 17821 7ff702bc89b3 MultiByteToWideChar 17821->17823 17822->17821 17822->17823 17823->17495 17825 7ff702bc278e memcpy_s 17824->17825 17829 7ff702bc1c60 49 API calls 17825->17829 17830 7ff702bc29a2 17825->17830 17835 7ff702bc2989 17825->17835 17836 7ff702bc2140 81 API calls 17825->17836 17838 7ff702bc2987 17825->17838 17841 7ff702bc2990 17825->17841 18909 7ff702bc3970 17825->18909 18915 7ff702bc7260 17825->18915 18927 7ff702bc15e0 17825->18927 18975 7ff702bc6560 17825->18975 18979 7ff702bc35a0 17825->18979 19023 7ff702bc3860 17825->19023 17826 7ff702bcbb10 _log10_special 8 API calls 17829->17825 17832 7ff702bc1e50 81 API calls 17830->17832 17832->17838 17837 7ff702bc1e50 81 API calls 17835->17837 17836->17825 17837->17838 17838->17826 17842 7ff702bc1e50 81 API calls 17841->17842 17842->17838 17845 7ff702bc1c85 17844->17845 17846 7ff702bd58c4 49 API calls 17845->17846 17847 7ff702bc1ca8 17846->17847 17847->17427 17849 7ff702bc8950 2 API calls 17848->17849 17850 
7ff702bc7ff4 17849->17850 17851 7ff702bd9174 38 API calls 17850->17851 17852 7ff702bc8006 __std_exception_destroy 17851->17852 17852->17439 17854 7ff702bc39dc 17853->17854 17855 7ff702bc8950 2 API calls 17854->17855 17856 7ff702bc3a04 17855->17856 17857 7ff702bc8950 2 API calls 17856->17857 17858 7ff702bc3a17 17857->17858 19190 7ff702bd6f54 17858->19190 17861 7ff702bcbb10 _log10_special 8 API calls 17862 7ff702bc2ceb 17861->17862 17862->17428 17863 7ff702bc73d0 17862->17863 17864 7ff702bc73f4 17863->17864 17865 7ff702bcfc2c 73 API calls 17864->17865 17870 7ff702bc74cb __std_exception_destroy 17864->17870 17866 7ff702bc7410 17865->17866 17866->17870 19581 7ff702bd8804 17866->19581 17868 7ff702bcfc2c 73 API calls 17871 7ff702bc7425 17868->17871 17869 7ff702bcf8f4 _fread_nolock 53 API calls 17869->17871 17870->17433 17871->17868 17871->17869 17871->17870 17873 7ff702bcf5d4 17872->17873 19596 7ff702bcf380 17873->19596 17875 7ff702bcf5ed 17875->17428 17877 7ff702bcbe10 17876->17877 17878 7ff702bc1e74 GetCurrentProcessId 17877->17878 17879 7ff702bc1c60 49 API calls 17878->17879 17880 7ff702bc1ec5 17879->17880 17881 7ff702bd58c4 49 API calls 17880->17881 17882 7ff702bc1f02 17881->17882 17883 7ff702bc1cc0 80 API calls 17882->17883 17884 7ff702bc1f0c 17883->17884 17885 7ff702bcbb10 _log10_special 8 API calls 17884->17885 17886 7ff702bc1f1c 17885->17886 17886->17460 17888 7ff702bc8950 2 API calls 17887->17888 17889 7ff702bc7f9c 17888->17889 17890 7ff702bc8950 2 API calls 17889->17890 17891 7ff702bc7fac 17890->17891 17892 7ff702bd9174 38 API calls 17891->17892 17893 7ff702bc7fba __std_exception_destroy 17892->17893 17893->17443 17895 7ff702bc8510 GetConsoleWindow 17894->17895 17896 7ff702bc3038 17895->17896 17897 7ff702bc852a GetCurrentProcessId GetWindowThreadProcessId 17895->17897 17896->17463 17897->17896 17898 7ff702bc8549 17897->17898 17898->17896 17899 7ff702bc8551 ShowWindow 17898->17899 17899->17896 17900 7ff702bc8560 Sleep 17899->17900 17900->17896 17900->17899 17902 
7ff702bc1c60 49 API calls 17901->17902 17903 7ff702bc390d 17902->17903 17903->17474 17905 7ff702bc1c60 49 API calls 17904->17905 17906 7ff702bc3a70 17905->17906 17906->17492 17908 7ff702bc6215 17907->17908 19713 7ff702bc57a0 17981->19713 18001 7ff702bd62dc EnterCriticalSection 17994->18001 18003 7ff702bc2a7c GetModuleFileNameW 18002->18003 18003->17687 18003->17688 18005 7ff702bc887f FindClose 18004->18005 18006 7ff702bc8892 18004->18006 18005->18006 18007 7ff702bcbb10 _log10_special 8 API calls 18006->18007 18008 7ff702bc2ada 18007->18008 18008->17692 18008->17693 18010 7ff702bcbe10 18009->18010 18011 7ff702bc2330 GetCurrentProcessId 18010->18011 18044 7ff702bc1d50 18011->18044 18013 7ff702bc237b 18048 7ff702bd5b18 18013->18048 18016 7ff702bc1d50 48 API calls 18017 7ff702bc23eb FormatMessageW 18016->18017 18019 7ff702bc2436 18017->18019 18020 7ff702bc2424 18017->18020 18066 7ff702bc1e00 18019->18066 18021 7ff702bc1d50 48 API calls 18020->18021 18021->18019 18024 7ff702bcbb10 _log10_special 8 API calls 18025 7ff702bc2464 18024->18025 18025->17705 18027 7ff702bc8900 GetFinalPathNameByHandleW CloseHandle 18026->18027 18028 7ff702bc2af0 18026->18028 18027->18028 18028->17700 18028->17704 18030 7ff702bc1f54 18029->18030 18031 7ff702bc1d50 48 API calls 18030->18031 18032 7ff702bc1fa5 18031->18032 18033 7ff702bd5b18 48 API calls 18032->18033 18034 7ff702bc1fe3 18033->18034 18035 7ff702bc1e00 78 API calls 18034->18035 18036 7ff702bc2001 18035->18036 18037 7ff702bcbb10 _log10_special 8 API calls 18036->18037 18038 7ff702bc2011 18037->18038 18038->17705 18040 7ff702bc8a2a WideCharToMultiByte 18039->18040 18041 7ff702bc8a55 18039->18041 18040->18041 18042 7ff702bc8a6b __std_exception_destroy 18040->18042 18041->18042 18043 7ff702bc8a72 WideCharToMultiByte 18041->18043 18042->17699 18043->18042 18045 7ff702bc1d75 18044->18045 18046 7ff702bd5b18 48 API calls 18045->18046 18047 7ff702bc1d98 18046->18047 18047->18013 18050 7ff702bd5b72 18048->18050 18049 7ff702bd5b97 18051 
7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18049->18051 18050->18049 18052 7ff702bd5bd3 18050->18052 18054 7ff702bd5bc1 18051->18054 18070 7ff702bd2e08 18052->18070 18056 7ff702bcbb10 _log10_special 8 API calls 18054->18056 18055 7ff702bd5cb4 18057 7ff702bdb464 __free_lconv_num 11 API calls 18055->18057 18058 7ff702bc23bb 18056->18058 18057->18054 18058->18016 18060 7ff702bd5c89 18063 7ff702bdb464 __free_lconv_num 11 API calls 18060->18063 18061 7ff702bd5cda 18061->18055 18062 7ff702bd5ce4 18061->18062 18065 7ff702bdb464 __free_lconv_num 11 API calls 18062->18065 18063->18054 18064 7ff702bd5c80 18064->18055 18064->18060 18065->18054 18067 7ff702bc1e26 18066->18067 18400 7ff702bd57a0 18067->18400 18069 7ff702bc1e3c 18069->18024 18071 7ff702bd2e46 18070->18071 18076 7ff702bd2e36 18070->18076 18072 7ff702bd2e4f 18071->18072 18079 7ff702bd2e7d 18071->18079 18074 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18072->18074 18073 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18075 7ff702bd2e75 18073->18075 18074->18075 18075->18055 18075->18060 18075->18061 18075->18064 18076->18073 18079->18075 18079->18076 18081 7ff702bd4450 18079->18081 18114 7ff702bd35a0 18079->18114 18151 7ff702bd2390 18079->18151 18082 7ff702bd4503 18081->18082 18083 7ff702bd4492 18081->18083 18086 7ff702bd455c 18082->18086 18087 7ff702bd4508 18082->18087 18084 7ff702bd452d 18083->18084 18085 7ff702bd4498 18083->18085 18174 7ff702bd132c 18084->18174 18088 7ff702bd44cc 18085->18088 18089 7ff702bd449d 18085->18089 18093 7ff702bd4573 18086->18093 18095 7ff702bd4566 18086->18095 18100 7ff702bd456b 18086->18100 18090 7ff702bd453d 18087->18090 18091 7ff702bd450a 18087->18091 18096 7ff702bd44a3 18088->18096 18088->18100 18089->18093 18089->18096 18181 7ff702bd0f1c 18090->18181 18094 7ff702bd44ac 18091->18094 18103 7ff702bd4519 18091->18103 18188 7ff702bd5158 18093->18188 18112 7ff702bd459c 18094->18112 18154 7ff702bd4c04 18094->18154 18095->18084 18095->18100 18096->18094 18101 
7ff702bd44de 18096->18101 18110 7ff702bd44c7 18096->18110 18100->18112 18192 7ff702bd173c 18100->18192 18101->18112 18164 7ff702bd4f40 18101->18164 18103->18084 18105 7ff702bd451e 18103->18105 18105->18112 18170 7ff702bd5004 18105->18170 18106 7ff702bcbb10 _log10_special 8 API calls 18107 7ff702bd4896 18106->18107 18107->18079 18110->18112 18113 7ff702bd4788 18110->18113 18199 7ff702bd5270 18110->18199 18112->18106 18113->18112 18205 7ff702bdfad0 18113->18205 18115 7ff702bd35c4 18114->18115 18116 7ff702bd35ae 18114->18116 18119 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18115->18119 18120 7ff702bd3604 18115->18120 18117 7ff702bd4503 18116->18117 18118 7ff702bd4492 18116->18118 18116->18120 18123 7ff702bd455c 18117->18123 18124 7ff702bd4508 18117->18124 18121 7ff702bd452d 18118->18121 18122 7ff702bd4498 18118->18122 18119->18120 18120->18079 18129 7ff702bd132c 38 API calls 18121->18129 18125 7ff702bd44cc 18122->18125 18126 7ff702bd449d 18122->18126 18130 7ff702bd4573 18123->18130 18132 7ff702bd4566 18123->18132 18137 7ff702bd456b 18123->18137 18127 7ff702bd453d 18124->18127 18128 7ff702bd450a 18124->18128 18133 7ff702bd44a3 18125->18133 18125->18137 18126->18130 18126->18133 18135 7ff702bd0f1c 38 API calls 18127->18135 18131 7ff702bd44ac 18128->18131 18140 7ff702bd4519 18128->18140 18146 7ff702bd44c7 18129->18146 18134 7ff702bd5158 45 API calls 18130->18134 18136 7ff702bd4c04 47 API calls 18131->18136 18149 7ff702bd459c 18131->18149 18132->18121 18132->18137 18133->18131 18138 7ff702bd44de 18133->18138 18133->18146 18134->18146 18135->18146 18136->18146 18139 7ff702bd173c 38 API calls 18137->18139 18137->18149 18141 7ff702bd4f40 46 API calls 18138->18141 18138->18149 18139->18146 18140->18121 18142 7ff702bd451e 18140->18142 18141->18146 18144 7ff702bd5004 37 API calls 18142->18144 18142->18149 18143 7ff702bcbb10 _log10_special 8 API calls 18145 7ff702bd4896 18143->18145 18144->18146 18145->18079 18147 7ff702bd5270 45 API calls 18146->18147 18146->18149 
18150 7ff702bd4788 18146->18150 18147->18150 18148 7ff702bdfad0 46 API calls 18148->18150 18149->18143 18150->18148 18150->18149 18383 7ff702bd05a0 18151->18383 18155 7ff702bd4c2a 18154->18155 18217 7ff702bd0158 18155->18217 18160 7ff702bd5270 45 API calls 18161 7ff702bd4d6f 18160->18161 18162 7ff702bd5270 45 API calls 18161->18162 18163 7ff702bd4dfd 18161->18163 18162->18163 18163->18110 18166 7ff702bd4f75 18164->18166 18165 7ff702bd4fba 18165->18110 18166->18165 18167 7ff702bd4f93 18166->18167 18168 7ff702bd5270 45 API calls 18166->18168 18169 7ff702bdfad0 46 API calls 18167->18169 18168->18167 18169->18165 18173 7ff702bd5025 18170->18173 18171 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18172 7ff702bd5056 18171->18172 18172->18110 18173->18171 18173->18172 18175 7ff702bd135f 18174->18175 18176 7ff702bd138e 18175->18176 18178 7ff702bd144b 18175->18178 18180 7ff702bd13cb 18176->18180 18353 7ff702bd0200 18176->18353 18179 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18178->18179 18179->18180 18180->18110 18182 7ff702bd0f4f 18181->18182 18183 7ff702bd0f7e 18182->18183 18185 7ff702bd103b 18182->18185 18184 7ff702bd0200 12 API calls 18183->18184 18187 7ff702bd0fbb 18183->18187 18184->18187 18186 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18185->18186 18186->18187 18187->18110 18189 7ff702bd519b 18188->18189 18191 7ff702bd519f __crtLCMapStringW 18189->18191 18361 7ff702bd51f4 18189->18361 18191->18110 18193 7ff702bd176f 18192->18193 18194 7ff702bd179e 18193->18194 18196 7ff702bd185b 18193->18196 18195 7ff702bd0200 12 API calls 18194->18195 18198 7ff702bd17db 18194->18198 18195->18198 18197 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18196->18197 18197->18198 18198->18110 18200 7ff702bd5287 18199->18200 18365 7ff702bdea80 18200->18365 18207 7ff702bdfb01 18205->18207 18215 7ff702bdfb0f 18205->18215 18206 7ff702bdfb2f 18208 7ff702bdfb40 18206->18208 18209 7ff702bdfb67 18206->18209 18207->18206 18210 7ff702bd5270 45 API calls 18207->18210 
18207->18215 18373 7ff702be1310 18208->18373 18212 7ff702bdfbf2 18209->18212 18213 7ff702bdfb91 18209->18213 18209->18215 18210->18206 18214 7ff702be0b10 _fread_nolock MultiByteToWideChar 18212->18214 18213->18215 18376 7ff702be0b10 18213->18376 18214->18215 18215->18113 18218 7ff702bd018f 18217->18218 18224 7ff702bd017e 18217->18224 18219 7ff702bde6c4 _fread_nolock 12 API calls 18218->18219 18218->18224 18220 7ff702bd01bc 18219->18220 18221 7ff702bdb464 __free_lconv_num 11 API calls 18220->18221 18223 7ff702bd01d0 18220->18223 18221->18223 18222 7ff702bdb464 __free_lconv_num 11 API calls 18222->18224 18223->18222 18225 7ff702bdf638 18224->18225 18226 7ff702bdf655 18225->18226 18227 7ff702bdf688 18225->18227 18228 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18226->18228 18227->18226 18230 7ff702bdf6ba 18227->18230 18238 7ff702bd4d4d 18228->18238 18229 7ff702bdf7cd 18231 7ff702bdf8bf 18229->18231 18232 7ff702bdf885 18229->18232 18234 7ff702bdf854 18229->18234 18236 7ff702bdf817 18229->18236 18239 7ff702bdf80d 18229->18239 18230->18229 18242 7ff702bdf702 18230->18242 18280 7ff702bdeb24 18231->18280 18273 7ff702bdeebc 18232->18273 18266 7ff702bdf19c 18234->18266 18256 7ff702bdf3cc 18236->18256 18238->18160 18238->18161 18239->18232 18241 7ff702bdf812 18239->18241 18241->18234 18241->18236 18242->18238 18247 7ff702bdb3ac 18242->18247 18245 7ff702bdb844 _isindst 17 API calls 18246 7ff702bdf91c 18245->18246 18248 7ff702bdb3c3 18247->18248 18249 7ff702bdb3b9 18247->18249 18250 7ff702bd5e48 _get_daylight 11 API calls 18248->18250 18249->18248 18254 7ff702bdb3de 18249->18254 18251 7ff702bdb3ca 18250->18251 18253 7ff702bdb824 _invalid_parameter_noinfo 37 API calls 18251->18253 18252 7ff702bdb3d6 18252->18238 18252->18245 18253->18252 18254->18252 18255 7ff702bd5e48 _get_daylight 11 API calls 18254->18255 18255->18251 18289 7ff702be531c 18256->18289 18260 7ff702bdf474 18261 7ff702bdf4c9 18260->18261 18262 7ff702bdf478 18260->18262 18263 7ff702bdf494 18260->18263 18342 
7ff702bdefb8 18261->18342 18262->18238 18338 7ff702bdf274 18263->18338 18267 7ff702be531c 38 API calls 18266->18267 18268 7ff702bdf1e6 18267->18268 18269 7ff702be4d64 37 API calls 18268->18269 18270 7ff702bdf236 18269->18270 18271 7ff702bdf23a 18270->18271 18272 7ff702bdf274 45 API calls 18270->18272 18271->18238 18272->18271 18274 7ff702be531c 38 API calls 18273->18274 18275 7ff702bdef07 18274->18275 18276 7ff702be4d64 37 API calls 18275->18276 18277 7ff702bdef5f 18276->18277 18278 7ff702bdef63 18277->18278 18279 7ff702bdefb8 45 API calls 18277->18279 18278->18238 18279->18278 18281 7ff702bdeb9c 18280->18281 18282 7ff702bdeb69 18280->18282 18283 7ff702bdebb4 18281->18283 18284 7ff702bdec35 18281->18284 18285 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18282->18285 18286 7ff702bdeebc 46 API calls 18283->18286 18287 7ff702bdeb95 memcpy_s 18284->18287 18288 7ff702bd5270 45 API calls 18284->18288 18285->18287 18286->18287 18287->18238 18288->18287 18290 7ff702be536f fegetenv 18289->18290 18291 7ff702be909c 37 API calls 18290->18291 18294 7ff702be53c2 18291->18294 18292 7ff702be53ef 18297 7ff702bdb3ac __std_exception_copy 37 API calls 18292->18297 18293 7ff702be54b2 18295 7ff702be909c 37 API calls 18293->18295 18294->18293 18299 7ff702be548c 18294->18299 18300 7ff702be53dd 18294->18300 18296 7ff702be54dc 18295->18296 18301 7ff702be909c 37 API calls 18296->18301 18298 7ff702be546d 18297->18298 18302 7ff702be6594 18298->18302 18308 7ff702be5475 18298->18308 18303 7ff702bdb3ac __std_exception_copy 37 API calls 18299->18303 18300->18292 18300->18293 18304 7ff702be54ed 18301->18304 18305 7ff702bdb844 _isindst 17 API calls 18302->18305 18303->18298 18306 7ff702be9290 20 API calls 18304->18306 18307 7ff702be65a9 18305->18307 18316 7ff702be5556 memcpy_s 18306->18316 18309 7ff702bcbb10 _log10_special 8 API calls 18308->18309 18310 7ff702bdf419 18309->18310 18334 7ff702be4d64 18310->18334 18311 7ff702be58ff memcpy_s 18312 7ff702be5597 memcpy_s 18329 7ff702be5edb memcpy_s 
18312->18329 18330 7ff702be59f3 memcpy_s 18312->18330 18313 7ff702be5c3f 18314 7ff702be4e80 37 API calls 18313->18314 18320 7ff702be6357 18314->18320 18315 7ff702be5beb 18315->18313 18317 7ff702be65ac memcpy_s 37 API calls 18315->18317 18316->18311 18316->18312 18318 7ff702bd5e48 _get_daylight 11 API calls 18316->18318 18317->18313 18319 7ff702be59d0 18318->18319 18321 7ff702bdb824 _invalid_parameter_noinfo 37 API calls 18319->18321 18322 7ff702be65ac memcpy_s 37 API calls 18320->18322 18327 7ff702be63b2 18320->18327 18321->18312 18322->18327 18323 7ff702be6538 18325 7ff702be909c 37 API calls 18323->18325 18324 7ff702bd5e48 11 API calls _get_daylight 18324->18329 18325->18308 18326 7ff702bd5e48 11 API calls _get_daylight 18326->18330 18327->18323 18328 7ff702be4e80 37 API calls 18327->18328 18332 7ff702be65ac memcpy_s 37 API calls 18327->18332 18328->18327 18329->18313 18329->18315 18329->18324 18333 7ff702bdb824 37 API calls _invalid_parameter_noinfo 18329->18333 18330->18315 18330->18326 18331 7ff702bdb824 37 API calls _invalid_parameter_noinfo 18330->18331 18331->18330 18332->18327 18333->18329 18335 7ff702be4d83 18334->18335 18336 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18335->18336 18337 7ff702be4dae memcpy_s 18335->18337 18336->18337 18337->18260 18339 7ff702bdf2a0 memcpy_s 18338->18339 18340 7ff702bd5270 45 API calls 18339->18340 18341 7ff702bdf35a memcpy_s 18339->18341 18340->18341 18341->18262 18343 7ff702bdeff3 18342->18343 18347 7ff702bdf040 memcpy_s 18342->18347 18344 7ff702bdb758 _invalid_parameter_noinfo 37 API calls 18343->18344 18345 7ff702bdf01f 18344->18345 18345->18262 18346 7ff702bdf0ab 18348 7ff702bdb3ac __std_exception_copy 37 API calls 18346->18348 18347->18346 18349 7ff702bd5270 45 API calls 18347->18349 18352 7ff702bdf0ed memcpy_s 18348->18352 18349->18346 18350 7ff702bdb844 _isindst 17 API calls 18351 7ff702bdf198 18350->18351 18352->18350 18354 7ff702bd0237 18353->18354 18359 7ff702bd0226 18353->18359 18355 7ff702bde6c4 
20571->20570 20575 7ff702bdb464 __free_lconv_num 11 API calls 20571->20575 20577 7ff702bd65b2 20572->20577 20574 7ff702bd5e48 _get_daylight 11 API calls 20573->20574 20574->20567 20575->20570 20576->20568 20577->20566 20577->20567 20579 7ff702be9da1 __crtLCMapStringW 20578->20579 20580 7ff702be835e 20579->20580 20581 7ff702be01d4 6 API calls 20579->20581 20580->20266 20580->20267 20581->20580 21660 7ff702bebe53 21661 7ff702bebe63 21660->21661 21664 7ff702bd62e8 LeaveCriticalSection 21661->21664 21234 7ff702bdacd0 21237 7ff702bdac48 21234->21237 21244 7ff702be1548 EnterCriticalSection 21237->21244 21249 7ff702bdbed0 21250 7ff702bdbed5 21249->21250 21251 7ff702bdbeea 21249->21251 21255 7ff702bdbef0 21250->21255 21256 7ff702bdbf32 21255->21256 21257 7ff702bdbf3a 21255->21257 21258 7ff702bdb464 __free_lconv_num 11 API calls 21256->21258 21259 7ff702bdb464 __free_lconv_num 11 API calls 21257->21259 21258->21257 21260 7ff702bdbf47 21259->21260 21261 7ff702bdb464 __free_lconv_num 11 API calls 21260->21261 21262 7ff702bdbf54 21261->21262 21263 7ff702bdb464 __free_lconv_num 11 API calls 21262->21263 21264 7ff702bdbf61 21263->21264 21265 7ff702bdb464 __free_lconv_num 11 API calls 21264->21265 21266 7ff702bdbf6e 21265->21266 21267 7ff702bdb464 __free_lconv_num 11 API calls 21266->21267 21268 7ff702bdbf7b 21267->21268 21269 7ff702bdb464 __free_lconv_num 11 API calls 21268->21269 21270 7ff702bdbf88 21269->21270 21271 7ff702bdb464 __free_lconv_num 11 API calls 21270->21271 21272 7ff702bdbf95 21271->21272 21273 7ff702bdb464 __free_lconv_num 11 API calls 21272->21273 21274 7ff702bdbfa5 21273->21274 21275 7ff702bdb464 __free_lconv_num 11 API calls 21274->21275 21276 7ff702bdbfb5 21275->21276 21281 7ff702bdbd9c 21276->21281 21295 7ff702be1548 EnterCriticalSection 21281->21295 21297 7ff702be26d0 21315 7ff702be1548 EnterCriticalSection 21297->21315

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed; first node 0 (7ff702bc8020-7ff702bc8166)]
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                    • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                    • API String ID: 4208240515-3165540532
                                                                    • Opcode ID: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                    • Instruction ID: b27cb1922b313632dfa80ec1e813d38f900e5a50e21edba1ba05d876f9724212
                                                                    • Opcode Fuzzy Hash: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                    • Instruction Fuzzy Hash: 16D18333A08B8396EB10AF74EC542ADBB64FF84B58F944235DA4D46AA4EFBCD544C710

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed; first node 564 (7ff702be7bd4-7ff702be7c47)]
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                    • String ID:
                                                                    • API String ID: 1617910340-0
                                                                    • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                    • Instruction ID: a7fda8c54976fd75a16a22f5c53a447f1fe8d0d95723764aca27035221115d95
                                                                    • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                    • Instruction Fuzzy Hash: C6C1E333B28A4295EB10EF64D8806BCBB65EB48B98B804235DB1E5B7D4EF78D051D310

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                    • String ID: %s\*
                                                                    • API String ID: 1057558799-766152087
                                                                    • Opcode ID: 33e10a2293b6f66987fc751628de3762a02ba3a339ba911e57677f2f560f8a7f
                                                                    • Instruction ID: 85fa1bb2a44c91035035a35e4b06cc29877b295e9bb0a3e03b7d12d402008f7f
                                                                    • Opcode Fuzzy Hash: 33e10a2293b6f66987fc751628de3762a02ba3a339ba911e57677f2f560f8a7f
                                                                    • Instruction Fuzzy Hash: 3F419222A1C54391EE30BB21E8442B9E764FF94754FE00632D65D436A5EFBCE606DB10
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                    • Instruction ID: ac595fb3468204ac8c7e034cd56bd027009d29519479f89c4a22c5006114a345
                                                                    • Opcode Fuzzy Hash: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                    • Instruction Fuzzy Hash: 99F0A923A1C64286F7609B50BC55366B750FF84328F940335D66D02AD4DFBCD009C600
                                                                    Similarity
                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                    • String ID:
                                                                    • API String ID: 1010374628-0
                                                                    • Opcode ID: de90d4660cad73c020d10a8b6ecdb18ed9fa62073eb22c4578e43967cc91730a
                                                                    • Instruction ID: 05c54b0a2cdf9227e4c0f5be0dc48366733c064a71990b9236b212eb7111d28d
                                                                    • Opcode Fuzzy Hash: de90d4660cad73c020d10a8b6ecdb18ed9fa62073eb22c4578e43967cc91730a
                                                                    • Instruction Fuzzy Hash: C9028123A1D64261FE25FB299C412BADE88AF41B98FD54535DE5D463D2FFBCA801C320
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ErrorFileLastModuleName
                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                    • API String ID: 2776309574-3325264605
                                                                    • Opcode ID: cd3ae3c9ed3c93515127a7f46fbe5956c44fe22ef922b38f02e12823f10c3f82
                                                                    • Instruction ID: 78e9a5254a71f7e72f8a13ac02fadba6ba38bca2382f999f8be9262e9a69643c
                                                                    • Opcode Fuzzy Hash: cd3ae3c9ed3c93515127a7f46fbe5956c44fe22ef922b38f02e12823f10c3f82
                                                                    • Instruction Fuzzy Hash: 8B428023A0C68391FA25BB20DC542F9EE95AF54744FD48072DA5E462E6FFECE544C320

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed; first node 357 (7ff702bc1930-7ff702bc196b)]
                                                                    APIs
                                                                      • Part of subcall function 00007FF702BC73D0: _fread_nolock.LIBCMT ref: 00007FF702BC747A
                                                                    • _fread_nolock.LIBCMT ref: 00007FF702BC19FB
                                                                      • Part of subcall function 00007FF702BC2020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF702BC1B4A), ref: 00007FF702BC2070
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                    • API String ID: 2397952137-3497178890
                                                                    • Opcode ID: f375aa3b5ce52aa88104ef8fcd1bb848994f70b47b28a42eb294ac42c1195ff9
                                                                    • Instruction ID: db7abb8c6fdc0addb32d814b1e0d94ec7b11bc29bb274bfe58d6f26752d261a3
                                                                    • Opcode Fuzzy Hash: f375aa3b5ce52aa88104ef8fcd1bb848994f70b47b28a42eb294ac42c1195ff9
                                                                    • Instruction Fuzzy Hash: 32817333A1868295EB10FB28D8412F9ABA1EF48744FE04036E94D57766FFBCE545CB20

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                    • API String ID: 2050909247-1550345328
                                                                    • Opcode ID: f98b8b74977cf6397417e11d303ef20924e6f827d283951ecb65a2408fe3ba19
                                                                    • Instruction ID: 6c3fda9fa586cda16dfc4e2b0ffa16a9437502aaed301bae1e1fff035b26938a
                                                                    • Opcode Fuzzy Hash: f98b8b74977cf6397417e11d303ef20924e6f827d283951ecb65a2408fe3ba19
                                                                    • Instruction Fuzzy Hash: E3518963A1864392EA10BB259C401A9AB91AF44B98FE44132EE1D177A6FFBCF545C320

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF702BC3101), ref: 00007FF702BC7D44
                                                                    • GetCurrentProcessId.KERNEL32(?,00007FF702BC3101), ref: 00007FF702BC7D4A
                                                                    • CreateDirectoryW.KERNELBASE(?,00007FF702BC3101), ref: 00007FF702BC7D8C
                                                                      • Part of subcall function 00007FF702BC7E70: GetEnvironmentVariableW.KERNEL32(00007FF702BC2C4F), ref: 00007FF702BC7EA7
                                                                      • Part of subcall function 00007FF702BC7E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF702BC7EC9
                                                                      • Part of subcall function 00007FF702BD9174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BD918D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                    • API String ID: 365913792-1339014028
                                                                    • Opcode ID: ffb589f732eab392f51c917e2ec5332ba92e64a2874c8252f98761f4106046c7
                                                                    • Instruction ID: ed4af14a9f2a48c0e4d1094f088c2bc4eefdf5a1c49b545f5dd2aa417dfcaee7
                                                                    • Opcode Fuzzy Hash: ffb589f732eab392f51c917e2ec5332ba92e64a2874c8252f98761f4106046c7
                                                                    • Instruction Fuzzy Hash: C0419D63A1968351EA20FB259C552F9EA59AF857C4FE00031EA0D477E6FFBCE501D720

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                    • API String ID: 2050909247-2813020118
                                                                    • Opcode ID: 738a6b09aa91e2b50cb98fd47187f812ef7eb728d28b93d7fe5c5c8b50e8b775
                                                                    • Instruction ID: 19fab644a71f18829aa89299729bc279236771a610fe9cee9b93a98d3d1e7654
                                                                    • Opcode Fuzzy Hash: 738a6b09aa91e2b50cb98fd47187f812ef7eb728d28b93d7fe5c5c8b50e8b775
                                                                    • Instruction Fuzzy Hash: 9C512963A1864255EA20BB25AC403BAEA91FF84798FE44135ED4D477E6FFBCE401C710

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF702BE0316,?,?,-00000018,00007FF702BDBC5B,?,?,?,00007FF702BDBB52,?,?,?,00007FF702BD6EFE), ref: 00007FF702BE00F8
                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF702BE0316,?,?,-00000018,00007FF702BDBC5B,?,?,?,00007FF702BDBB52,?,?,?,00007FF702BD6EFE), ref: 00007FF702BE0104
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                    • Instruction ID: e5b03fe6866c1a0ba051f6c6991a9d19dc0e13fbfa16cf0f36a462e817886dde
                                                                    • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                    • Instruction Fuzzy Hash: 4F414423B09A0261EE11FB16AC106B5AB91BF08BA4F890535CD0DA7789FFFDE445C320

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF702BC2BC5), ref: 00007FF702BC2AA1
                                                                    • GetLastError.KERNEL32(?,00007FF702BC2BC5), ref: 00007FF702BC2AAB
                                                                      • Part of subcall function 00007FF702BC2310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC2360
                                                                      • Part of subcall function 00007FF702BC2310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC241A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                    • API String ID: 4002088556-2863816727
                                                                    • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                    • Instruction ID: 2a0a2b001211ac17a00026c0f86ccc7b4d7bbbd93ee7121162a4f4f6a3b47b2b
                                                                    • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                    • Instruction Fuzzy Hash: D221B763B1C64291FA24BB24EC103BAAA50BF48358FD00132E95D865FAFFACE504C320

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                    • Instruction ID: 1ec243fe832c4d14c1ac85819ce22c0f19b85ea2139d8b4ada47d26f7da2d6ed
                                                                    • Opcode Fuzzy Hash: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                    • Instruction Fuzzy Hash: F9C1A023A0CA8651E761AB1598442FDAF54EF85B80FD94132DA4E07791FFFCE845C760

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                    • String ID:
                                                                    • API String ID: 995526605-0
                                                                    • Opcode ID: 4b16fab3d36e05ad3a3445a5c074aa8767ee98c8fbd83efe929b6b0b20bb971a
                                                                    • Instruction ID: 8cfc813de7c238c15db4b6dd04aec45e2e28291219666565753c9ca9a463578d
                                                                    • Opcode Fuzzy Hash: 4b16fab3d36e05ad3a3445a5c074aa8767ee98c8fbd83efe929b6b0b20bb971a
                                                                    • Instruction Fuzzy Hash: CD216733A0CA4342EB10AB55E85012AEBA5EF857E4F940235D66D47AF5EFFCD445CB10

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 00007FF702BC7BB0: GetCurrentProcess.KERNEL32 ref: 00007FF702BC7BD0
                                                                      • Part of subcall function 00007FF702BC7BB0: OpenProcessToken.ADVAPI32 ref: 00007FF702BC7BE3
                                                                      • Part of subcall function 00007FF702BC7BB0: GetTokenInformation.KERNELBASE ref: 00007FF702BC7C08
                                                                      • Part of subcall function 00007FF702BC7BB0: GetLastError.KERNEL32 ref: 00007FF702BC7C12
                                                                      • Part of subcall function 00007FF702BC7BB0: GetTokenInformation.KERNELBASE ref: 00007FF702BC7C52
                                                                      • Part of subcall function 00007FF702BC7BB0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF702BC7C6E
                                                                      • Part of subcall function 00007FF702BC7BB0: CloseHandle.KERNEL32 ref: 00007FF702BC7C86
                                                                    • LocalFree.KERNEL32(00000000,00007FF702BC3099), ref: 00007FF702BC864C
                                                                    • LocalFree.KERNEL32 ref: 00007FF702BC8655
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                    • API String ID: 6828938-1529539262
                                                                    • Opcode ID: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                    • Instruction ID: b30d35bc0cfbd286186f1427ccc330db2c38be8d221cbff706af42f8342997a9
                                                                    • Opcode Fuzzy Hash: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                    • Instruction Fuzzy Hash: 98217133A0864291FA10BB10ED113FAEA64EF88780FD44035EA4D53BA6EFBCD544C760

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF702BDDE4B), ref: 00007FF702BDDF7C
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF702BDDE4B), ref: 00007FF702BDE007
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                    • Instruction ID: dda100d08237e5e6017114d62da0f38eb52373f816f33f9c069e6c91fe482bb6
                                                                    • Opcode Fuzzy Hash: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                    • Instruction Fuzzy Hash: 5F91A333B0865285F764AB6598402FDAFA4AF44B88FD44139DE4E5BA84FFBCD485C720

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1279662727-0
                                                                    • Opcode ID: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                    • Instruction ID: c15f3367c1bad4aabace49c88a3ad5225b816685a8b35280d46fe8fad62554c8
                                                                    • Opcode Fuzzy Hash: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                    • Instruction Fuzzy Hash: E1418623D1874283E754AB60A9503E9BB64FF95764F509334E69C03AD5FFACA5E0C720
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                    • Instruction ID: 3548d4c8420f759835ea649a4e3d99a252fb513f5e0ec79c870e2a2e71d69059
                                                                    • Opcode Fuzzy Hash: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                    • Instruction Fuzzy Hash: E9D09E16B0860352EE183B705C952B9DB555F8C715F812838C98F0A393FFEDE489C631
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 141dc46c6224036006d776e19841065f05dd1418e65b387591b1a003cf84bd0f
                                                                    • Instruction ID: 60a6eca4e73937aed6a0dd793ba7e047b55e35b307a5836b25223520e34d7363
                                                                    • Opcode Fuzzy Hash: 141dc46c6224036006d776e19841065f05dd1418e65b387591b1a003cf84bd0f
                                                                    • Instruction Fuzzy Hash: 1B51BB73B0D24286EA24BB259C00679A992BF44BA4FB44636DD6D47BE5EF7CE401C720
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 1236291503-0
                                                                    • Opcode ID: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                    • Instruction ID: 04bf8d91d214c8dac598ca573fd1cd12c16fd75e37a37c6da58bb5dfcde36ebd
                                                                    • Opcode Fuzzy Hash: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                    • Instruction Fuzzy Hash: DA311B23E0C10342EA14BB65AD513BA9F91AFA5B84FD45036E54D4B2E7FFECA804C274
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileHandleType
                                                                    • String ID:
                                                                    • API String ID: 3000768030-0
                                                                    • Opcode ID: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                    • Instruction ID: 34d37871f103d212567329c54f56d5bdcf5b96bfbb2c6586863f09ca944994b8
                                                                    • Opcode Fuzzy Hash: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                    • Instruction Fuzzy Hash: C5319723A18B4792D764AB1589801B9AE50FF45BB0FA44339DBAE473E0EF78E461D310
                                                                    APIs
                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF702BDD020,?,?,?,?,?,00007FF702BDD129), ref: 00007FF702BDD080
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF702BDD020,?,?,?,?,?,00007FF702BDD129), ref: 00007FF702BDD08A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastPointer
                                                                    • String ID:
                                                                    • API String ID: 2976181284-0
                                                                    • Opcode ID: fb6a81950565da05b050a92576ed7c02e19ce8787ed1f1a96796d90f6b6408b2
                                                                    • Instruction ID: ccbb47ea87ae9a4241c6d7c6fab91c4e97ca78eab4f840c56d2d97cd447c1bb9
                                                                    • Opcode Fuzzy Hash: fb6a81950565da05b050a92576ed7c02e19ce8787ed1f1a96796d90f6b6408b2
                                                                    • Instruction Fuzzy Hash: AC11E663608A8281DB10AB25AC500A9EB51AF80BF4FD40331EABD0B7D5EFBCD041C714
                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB47A
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB484
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    • Opcode ID: bcb6ed366288f57e679071cac10841f4f6d99062b1a4c36b0c72b5ea8c3cbe48
                                                                    • Instruction ID: 5b8511c8fdbbf3b936db066441dd08bd74bd4058a82f1fd0bebf3a6f40017e42
                                                                    • Opcode Fuzzy Hash: bcb6ed366288f57e679071cac10841f4f6d99062b1a4c36b0c72b5ea8c3cbe48
                                                                    • Instruction Fuzzy Hash: 63E0BF52E0960353FF15BBB19C950B999555F58744BC44534D90D46252FFAC7445C730
                                                                    APIs
                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF702BDB8DD,?,?,00000000,00007FF702BDB992), ref: 00007FF702BDBACE
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF702BDB8DD,?,?,00000000,00007FF702BDB992), ref: 00007FF702BDBAD8
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CloseErrorHandleLast
                                                                    • String ID:
                                                                    • API String ID: 918212764-0
                                                                    • Opcode ID: ee1f6f2c17bcac9912aebe9a75d3c59e1af1689cfc13c1c78b5a219ca8e97850
                                                                    • Instruction ID: 29d28b3ffba39dcb4dd682ba182011c77d488e235df0be2d252830ef76c80ea9
                                                                    • Opcode Fuzzy Hash: ee1f6f2c17bcac9912aebe9a75d3c59e1af1689cfc13c1c78b5a219ca8e97850
                                                                    • Instruction Fuzzy Hash: B5218716B0868241FEA477659C902FD9E819F84798FC54235DA2E477D5FFECE445C320
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: cf3d959f73a155a0d737dce44897d7a2acb78217b54b69b3c35a670fde34ce7f
                                                                    • Instruction ID: 8664c95c634b98df498147e792c10fc22986914c0c79171796b1e05c590bf88b
                                                                    • Opcode Fuzzy Hash: cf3d959f73a155a0d737dce44897d7a2acb78217b54b69b3c35a670fde34ce7f
                                                                    • Instruction Fuzzy Hash: FE41B37390824187EA34AB29AD402B9FFA0EF55B54F900132D68E83691FFADF402D761
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _fread_nolock
                                                                    • String ID:
                                                                    • API String ID: 840049012-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                    • String ID:
                                                                    • API String ID: 3947729631-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF702BCC3F0
                                                                      • Part of subcall function 00007FF702BCCE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF702BCCE20
                                                                      • Part of subcall function 00007FF702BCCE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF702BCCE25
                                                                    Similarity
                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                    • String ID:
                                                                    • API String ID: 1208906642-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    APIs
                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF702BDC22A,?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392), ref: 00007FF702BDFE59
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    APIs
                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF702BD0268,?,?,?,00007FF702BD18D2,?,?,?,?,?,00007FF702BD4595), ref: 00007FF702BDE702
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C50
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C62
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C99
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CAB
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CC4
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CD6
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CEF
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D01
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D1D
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D2F
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D4B
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D5D
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D79
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D8B
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DA7
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DB9
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DD5
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DE7
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressErrorLastProc
                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                    • API String ID: 199729137-653951865
                                                                    • Opcode ID: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                    • Instruction ID: 32799c68156d35298d7425f570a5ede5f7c4ffafbae66ceaacb060627a6f1b5e
                                                                    • Opcode Fuzzy Hash: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                    • Instruction Fuzzy Hash: 9222AF6690DB07A1FE14FB60AC642B5ABA4AF48759FD81531D80E06275FFFCB649C230
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                    • API String ID: 808467561-2761157908
                                                                    • Opcode ID: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                    • Instruction ID: e52de7d6064d4a5b41ca54d2ab08a66b246e5db837c76f6359cd255641d55676
                                                                    • Opcode Fuzzy Hash: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                    • Instruction Fuzzy Hash: 89B2D273A182829BEB749F24D8407FDBBA1FF5438CFD05135DA0957A85EBB8A900CB50
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                    • API String ID: 0-2665694366
                                                                    • Opcode ID: 4827148dd37d06b9a23a2cb7d22b3f776e5342dd5831b168843cb21776e0705c
                                                                    • Instruction ID: b2caaf4d264b43be5ae679de69ab045ae51cf0add3302d61ac74858234c6dacd
                                                                    • Opcode Fuzzy Hash: 4827148dd37d06b9a23a2cb7d22b3f776e5342dd5831b168843cb21776e0705c
                                                                    • Instruction Fuzzy Hash: 7B52F673A146AA8BE7949F14C858B7E7FA9FF44340F514139E64A87790EBBCE840CB50
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 3140674995-0
                                                                    • Opcode ID: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                    • Instruction ID: cfbf14f002ee5081c59933d0e114c27abb6a0e00347c3c291be1d073f272453c
                                                                    • Opcode Fuzzy Hash: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                    • Instruction Fuzzy Hash: A2315273608B8295EB60AF60E8403EDB764FB94748F44403ADA4D47B94EFB8D548C710
                                                                    APIs
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE6EB5
                                                                      • Part of subcall function 00007FF702BE6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BE681C
                                                                      • Part of subcall function 00007FF702BDB464: RtlFreeHeap.NTDLL(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB47A
                                                                      • Part of subcall function 00007FF702BDB464: GetLastError.KERNEL32(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB484
                                                                      • Part of subcall function 00007FF702BDB844: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF702BDB823,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDB84D
                                                                      • Part of subcall function 00007FF702BDB844: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF702BDB823,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDB872
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE6EA4
                                                                      • Part of subcall function 00007FF702BE6868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BE687C
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE711A
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE712B
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE713C
                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF702BE737C), ref: 00007FF702BE7163
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                    • String ID:
                                                                    • API String ID: 4070488512-0
                                                                    • Opcode ID: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                    • Instruction ID: 4bcabf315381a48e1f2ef8fddabc59afde3f5ea961997d6077749de9773391ed
                                                                    • Opcode Fuzzy Hash: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                    • Instruction Fuzzy Hash: A6D1B027A08242A6EB24FF25DC911B9EB61FF54798FC44135EA0D47A86EFBCE441C760
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                    • Instruction ID: 155ba314151b16ad09780c4fc0d96c44e7c3a11905933777caf09f1f72fa2444
                                                                    • Opcode Fuzzy Hash: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                    • Instruction Fuzzy Hash: 2A317F37608B8296DB209F24E8402AEB7A4FF88758F900136EA8D43B94EF78C545CB10
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 2227656907-0
                                                                    • Opcode ID: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                    • Instruction ID: ddf49be7df24098ff9ff0306c17107ccc6936e36d97dece07f635712f5d6fdc0
                                                                    • Opcode Fuzzy Hash: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                    • Instruction Fuzzy Hash: 33B19023A1869651EE64AB219C002B9AA55EF54BE8F844132EE5E07B95FFBCE441C720
                                                                    APIs
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE711A
                                                                      • Part of subcall function 00007FF702BE6868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BE687C
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE712B
                                                                      • Part of subcall function 00007FF702BE6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BE681C
                                                                    • _get_daylight.LIBCMT ref: 00007FF702BE713C
                                                                      • Part of subcall function 00007FF702BE6838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BE684C
                                                                      • Part of subcall function 00007FF702BDB464: RtlFreeHeap.NTDLL(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB47A
                                                                      • Part of subcall function 00007FF702BDB464: GetLastError.KERNEL32(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB484
                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF702BE737C), ref: 00007FF702BE7163
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                    • String ID:
                                                                    • API String ID: 3458911817-0
                                                                    • Opcode ID: fce0b41cc66c7972387442f4a259984a91ef9247f86000003104344bdc7b7ed6
                                                                    • Instruction ID: 1889bbcd9fd4a4e8dd12ca63e73fa8159d24e2bc3aecefdea451ee37551ab69b
                                                                    • Opcode Fuzzy Hash: fce0b41cc66c7972387442f4a259984a91ef9247f86000003104344bdc7b7ed6
                                                                    • Instruction Fuzzy Hash: 14516733A0864296EB10FF21DC815A9EB61FF58788FC44135EA4D87696EFBCE441CB60
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                    • Instruction ID: 2d3c3f4132a1fe7f370078cbc6139df86b1a8cdd0d0620e6760b7fe29d8b809e
                                                                    • Opcode Fuzzy Hash: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                    • Instruction Fuzzy Hash: 79115122B14F0299EB00EF60EC442B977A4FB19758F440E31DA6D86764EFBCD154C350
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: memcpy_s
                                                                    • String ID:
                                                                    • API String ID: 1502251526-0
                                                                    • Opcode ID: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                    • Instruction ID: eef05c99cea26a1d7836bf9e573fa2eb91ddf2dc67effb1109e92c56082def33
                                                                    • Opcode Fuzzy Hash: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                    • Instruction Fuzzy Hash: 58C1D373B1828697EB349F59A44466AFB91FB84B8CF848135DB4A47784EB7DE801CB40
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $header crc mismatch$unknown header flags set
                                                                    • API String ID: 0-1127688429
                                                                    • Opcode ID: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                    • Instruction ID: a0538c348325ed486bd22a0cf09ea32f5e57a1de4e6d9a80d502d4cadeb3d793
                                                                    • Opcode Fuzzy Hash: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                    • Instruction Fuzzy Hash: B5F1B473A087D987F795AF14C888A3ABEE9FF44740F654538DA49573A0DBB8E840C750
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionRaise_clrfp
                                                                    • String ID:
                                                                    • API String ID: 15204871-0
                                                                    • Opcode ID: e29282b711dd5704c0e64fe7638cddbeeb7149a3015151b68882fd3146651568
                                                                    • Instruction ID: 007804a60b9d864a4a2d89ee20c663405391f03f814aace828a576fadae24187
                                                                    • Opcode Fuzzy Hash: e29282b711dd5704c0e64fe7638cddbeeb7149a3015151b68882fd3146651568
                                                                    • Instruction Fuzzy Hash: 99B19A73A00B888BEB15CF29C88236CBBA4FB84B4CF148921DB6D837A4DB79D451C710
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $
                                                                    • API String ID: 0-227171996
                                                                    • Opcode ID: 5ebab5a2817f928350dc9776a3da4b540f16bc97e78530f340af468d76ff9f5e
                                                                    • Instruction ID: 7c107c80e175ced47ce117f068b0ca960f5fafe07e3c82002c46d26e5177e3f0
                                                                    • Opcode Fuzzy Hash: 5ebab5a2817f928350dc9776a3da4b540f16bc97e78530f340af468d76ff9f5e
                                                                    • Instruction Fuzzy Hash: E1E1E737A0864682EB68AF2588501BDBBB0FF45B88F944235DA4E07795FFBDE851C710
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: incorrect header check$invalid window size
                                                                    • API String ID: 0-900081337
                                                                    • Opcode ID: 8c4c8a6a705a7cf803fa5291bdc529627e531fe0bdcc095ab807ab19af6e2c49
                                                                    • Instruction ID: 07cac9a3f1c58814ae07b109333d33d7affaf92d69395d3d92804b98d83eaeda
                                                                    • Opcode Fuzzy Hash: 8c4c8a6a705a7cf803fa5291bdc529627e531fe0bdcc095ab807ab19af6e2c49
                                                                    • Instruction Fuzzy Hash: 0E91A773A186CA87F7A59F14C848A3E7EA9FF44350F614139DA4A867E0EB78E540CB10
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: e+000$gfff
                                                                    • API String ID: 0-3030954782
                                                                    • Opcode ID: ab39e04084c8b9065030c447a5361eb1aff85978d5a2f70618a83e2e92251626
                                                                    • Instruction ID: 2507c5004a662b6c8ed95c785fa9f95378332ffd17907e8a315cd1452df3e6b1
                                                                    • Opcode Fuzzy Hash: ab39e04084c8b9065030c447a5361eb1aff85978d5a2f70618a83e2e92251626
                                                                    • Instruction Fuzzy Hash: A4513323B1C2C586E7249E35DC007B9AF91EB54B98F888231CAA947AC5FFBDE445C710
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: gfffffff
                                                                    • API String ID: 0-1523873471
                                                                    • Opcode ID: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                    • Instruction ID: d520e27ac0e21a3310868e022857b52d67ab3c5ad0a650eb0d9a56c32806d5ec
                                                                    • Opcode Fuzzy Hash: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                    • Instruction Fuzzy Hash: 6DA13563A0878686EB22DF25A8007EABF91AF54B84F858131DE8D4B785FF7DE501C711
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: TMP
                                                                    • API String ID: 3215553584-3125297090
                                                                    • Opcode ID: 8bb90b96481c3bc34baff152e4670fba6cb89323cf5fbd9ccfba4520d43ca801
                                                                    • Instruction ID: 6c9fb6d64df85ee8932ee71bfc3a0d32627db68ad87030167b7a198d2a519c33
                                                                    • Opcode Fuzzy Hash: 8bb90b96481c3bc34baff152e4670fba6cb89323cf5fbd9ccfba4520d43ca801
                                                                    • Instruction Fuzzy Hash: 1E517D26F08A4241FA68BB269D111FADA916F44FC4F884535DE0E47796FFBDF405C220
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: HeapProcess
                                                                    • String ID:
                                                                    • API String ID: 54951025-0
                                                                    • Opcode ID: b79ea0c05b8e708bf2e7ff1fe6aa0946c24d08db99ce40c7e012d78a6a9acfe9
                                                                    • Instruction ID: 1e435ff691355880ba0d6910e550f928512648067ad986a9a1a56b4f3b1df96f
                                                                    • Opcode Fuzzy Hash: b79ea0c05b8e708bf2e7ff1fe6aa0946c24d08db99ce40c7e012d78a6a9acfe9
                                                                    • Instruction Fuzzy Hash: A6B09221E17A02D6EA483B516C8222467A87F48741FD84038C00C81320EFBC21A69B20
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a25825d834791a15779abc5a96815a53d20fd0a8b1de7024d724f2c7a0ffd609
                                                                    • Instruction ID: 8df74dceb988b76479c5c743bc82ab4d382ed5d5159af942c7d5b69eaf0edd8b
                                                                    • Opcode Fuzzy Hash: a25825d834791a15779abc5a96815a53d20fd0a8b1de7024d724f2c7a0ffd609
                                                                    • Instruction Fuzzy Hash: EEE1B52790864282EB68AE25C9402BDAFB1FF44B54F988135CE4D177D8FFB9E851C760
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 92f5019cce735186dcbe47a7940729bb5e8d7af8c1d6157f075a5e7b95ae45a8
                                                                    • Instruction ID: 52a10451b2d8b2cd0038ac5b05418832be001c6a0033a145c6c4014ea7f2e114
                                                                    • Opcode Fuzzy Hash: 92f5019cce735186dcbe47a7940729bb5e8d7af8c1d6157f075a5e7b95ae45a8
                                                                    • Instruction Fuzzy Hash: 20E1E373A0860285E764AA28C8543FCAFE1EF45B44F944275CE5D072D6FFADE841CB62
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 86da56c12cd563bcad921fbd71c05d3fa176844b52d15b5090a52c27ad8a5c54
                                                                    • Instruction ID: 0f7f8fe759579dec933d097f4fb34bcde7be4b785948fbca5d752f133d139542
                                                                    • Opcode Fuzzy Hash: 86da56c12cd563bcad921fbd71c05d3fa176844b52d15b5090a52c27ad8a5c54
                                                                    • Instruction Fuzzy Hash: 34D1F923A0874686E768AF2598402BDAFE0EF05B48F984175DE0D076D6FFBDD841CB61
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8e0142d1de63ac36c46e431d0d75baaff102e1c1a7ac2c303afc5037c5988706
                                                                    • Instruction ID: 04811f13333710852f26208336a3366eb9f345266c7313614d92aedb3a3d54a9
                                                                    • Opcode Fuzzy Hash: 8e0142d1de63ac36c46e431d0d75baaff102e1c1a7ac2c303afc5037c5988706
                                                                    • Instruction Fuzzy Hash: 31C1B9732141E14BD289EB29E86A57B77E1F798389BD4803ADF8B47B85C63CE014D721
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b5780ef2d000dcd486574e33efb2770a379a55a34775bc5a7b80e7b31bbd7158
                                                                    • Instruction ID: c2bae4b729eea13659bd4994f5e561ea00371208c8e072c8961b7eb44d4584cc
                                                                    • Opcode Fuzzy Hash: b5780ef2d000dcd486574e33efb2770a379a55a34775bc5a7b80e7b31bbd7158
                                                                    • Instruction Fuzzy Hash: 79B18F7790868586E765AF29C8602BDBFA0EF45B48F984135CE4D47396FFA9E840C720
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 56ef1490d9aa7cb50fdbcb208ea1e35327a83dacbd264ffe23c56c6782292f60
                                                                    • Instruction ID: 4fc7905fc898b1e1182193c419b89f8acc6296a89bf08ce82abfcd1b04453892
                                                                    • Opcode Fuzzy Hash: 56ef1490d9aa7cb50fdbcb208ea1e35327a83dacbd264ffe23c56c6782292f60
                                                                    • Instruction Fuzzy Hash: 7CB17E73A0868685E7659F2988502BCBFA0EB49B48FA40135CF4D47396FFA9E841C720
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2a05c6059b1d422c1c0961fd67960772ff2ba502e6a05041136868912dff4d23
                                                                    • Instruction ID: 727c8d85a70a38d494daf28c69021940e9544e356735b35bc0fe789f4550d7e3
                                                                    • Opcode Fuzzy Hash: 2a05c6059b1d422c1c0961fd67960772ff2ba502e6a05041136868912dff4d23
                                                                    • Instruction Fuzzy Hash: 9081B173A0C78186EB649B19A8403BAAA90EF45794F904235DA9E47F99FF7DE440CB10
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: eef01635753a3689cfd7199ced0fb7e0b5b43189aa21453eecf28f9410e22187
                                                                    • Instruction ID: b8ca54948f956c22f8f66b85d2bd5dfd1c967cfb66721b8503e30476747c1bfd
                                                                    • Opcode Fuzzy Hash: eef01635753a3689cfd7199ced0fb7e0b5b43189aa21453eecf28f9410e22187
                                                                    • Instruction Fuzzy Hash: F461C533E1829266FF64AB298C41679EE81EF50768F944235D72D426C1FFEDE840E720
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    • Opcode ID: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                    • Instruction ID: f442ad1cd3bb9046c765a22b690f7fbb62e83325cfa1b7088ca06879ef292e67
                                                                    • Opcode Fuzzy Hash: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                    • Instruction Fuzzy Hash: 9B41D1A3714A5582EF04DF2ADD546A9A7A1BB48FC4B899036EE0D97B58EF7CD041C300
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: AddressErrorLastProc
                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                    • API String ID: 199729137-3427451314
                                                                    • Opcode ID: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                    • Instruction ID: a2c4e52c26ab880dee5ecdf423954db2d238d0d635e5536fd3238bb1d5c91485
                                                                    • Opcode Fuzzy Hash: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                    • Instruction Fuzzy Hash: 6602C276A09B47A0FE15FB24BC50574ABA8AF84788BD80175D80E06675FFFCA549C330
                                                                    APIs
                                                                      • Part of subcall function 00007FF702BC8950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF702BC3A04,00000000,00007FF702BC1965), ref: 00007FF702BC8989
                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF702BC7CF7,FFFFFFFF,00000000,?,00007FF702BC3101), ref: 00007FF702BC766C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                    • API String ID: 2001182103-930877121
                                                                    • Opcode ID: c12f537dd095d990c73456ab9bcad2fdb505f4a02d1bedcb9a56ce5ba8a3e8b7
                                                                    • Instruction ID: 0a8a5aa52ae074c51b933bb5900d71cecfe4ceea0a42131082c5488ac27aae9d
                                                                    • Opcode Fuzzy Hash: c12f537dd095d990c73456ab9bcad2fdb505f4a02d1bedcb9a56ce5ba8a3e8b7
                                                                    • Instruction Fuzzy Hash: 3F51A823A2964351FB50FB24DC516FAEA55EF94784FE40032DA0E42AA6FFBCE504D760
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                    • String ID: Needs to remove its temporary files.
                                                                    • API String ID: 3975851968-2863640275
                                                                    • Opcode ID: 44e53fe94581f3919e9549e222624ce8134aca65504236f29db41f4538cf5799
                                                                    • Instruction ID: d59ad4997bd83020c9e9265348f1fa916cb6cbead88ec5dcd625f069769a65eb
                                                                    • Opcode Fuzzy Hash: 44e53fe94581f3919e9549e222624ce8134aca65504236f29db41f4538cf5799
                                                                    • Instruction Fuzzy Hash: C821BA63B08A4391EB51BB79AC44179EB58EF88B94F984130DE2D473E5FFACD581C620
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: -$:$f$p$p
                                                                    • API String ID: 3215553584-2013873522
                                                                    • Opcode ID: 65d4a0ffdc8e7253b8e60b637b85ac8f97459ea152ba9c8238927d2e88e0f15e
                                                                    • Instruction ID: 6277132b8544e9c2015edf11d962fedf340e9a3d1a7824c6d1087f8e96a8b961
                                                                    • Opcode Fuzzy Hash: 65d4a0ffdc8e7253b8e60b637b85ac8f97459ea152ba9c8238927d2e88e0f15e
                                                                    • Instruction Fuzzy Hash: D3127F67E0C14386FB24BA1598446F9FA91FF40750FD84136E69A46AC4FFBDE480EB20
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: f$f$p$p$f
                                                                    • API String ID: 3215553584-1325933183
                                                                    • Opcode ID: fc8e2330ab6ced16bd3d959f6bc8057a9fc686b659d09149717256120edd57c1
                                                                    • Instruction ID: a8516d640c59e830fec371ac364e607ae44b72c8110cc8d87f2c3ebecf579276
                                                                    • Opcode Fuzzy Hash: fc8e2330ab6ced16bd3d959f6bc8057a9fc686b659d09149717256120edd57c1
                                                                    • Instruction Fuzzy Hash: D6128F23A0D14386FB24BA1998546FAFA51FF90754FC84835E69A466C4FFBCE484CB24
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                    • API String ID: 2050909247-3659356012
                                                                    • Opcode ID: bbb14e8497c2d47197b545ac1ada0846cbf05b2fa5a328935122ae7cfe50388d
                                                                    • Instruction ID: 44fa94a645fb47cb40f2c5e92305fe5c5725753174ab669596cbaf0bb784d631
                                                                    • Opcode Fuzzy Hash: bbb14e8497c2d47197b545ac1ada0846cbf05b2fa5a328935122ae7cfe50388d
                                                                    • Instruction Fuzzy Hash: 9E419C23B1869296EA10FB159C406B9EA95BF44BD4FE44032ED0C177A6FFBCE441C760
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                    • API String ID: 2050909247-3659356012
                                                                    • Opcode ID: 9319a8bafeca61d8f13e6d3de4f3e54f7b5cbf44fa0051d1d3041706561192ba
                                                                    • Instruction ID: 31683fa185af5de044ccda07bdc77f5fba32f5e9c61dbd2be1748f4895677a1e
                                                                    • Opcode Fuzzy Hash: 9319a8bafeca61d8f13e6d3de4f3e54f7b5cbf44fa0051d1d3041706561192ba
                                                                    • Instruction Fuzzy Hash: AD416033A1864396EA10FB259C411B9AB91EF44798FE44432ED1D17AAAFFBCE501C720
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 849930591-393685449
                                                                    • Opcode ID: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                    • Instruction ID: 3f3bd394eddb6c594f84f741850361f364d6289cab3f88f00b429ae660f7897d
                                                                    • Opcode Fuzzy Hash: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                    • Instruction Fuzzy Hash: FDD17233A08742C6EB20AB65D8413ADBBA0FF45798FA44135EE8D577A5EF78E081C750
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC2360
                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC241A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentFormatMessageProcess
                                                                    • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                    • API String ID: 27993502-4247535189
                                                                    • Opcode ID: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                    • Instruction ID: 134f4537a154fd38420af7e728f37c5a26f00a9ee2768c321448767f570edadc
                                                                    • Opcode Fuzzy Hash: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                    • Instruction Fuzzy Hash: C231D563B0864155E620B725BC106EAEA55FF84BD8F900135EF4D97A6AFFBCD106C710
                                                                    APIs
                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF702BCD50A,?,?,?,00007FF702BCD1FC,?,?,?,00007FF702BCCDF9), ref: 00007FF702BCD2DD
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF702BCD50A,?,?,?,00007FF702BCD1FC,?,?,?,00007FF702BCCDF9), ref: 00007FF702BCD2EB
                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF702BCD50A,?,?,?,00007FF702BCD1FC,?,?,?,00007FF702BCCDF9), ref: 00007FF702BCD315
                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF702BCD50A,?,?,?,00007FF702BCD1FC,?,?,?,00007FF702BCCDF9), ref: 00007FF702BCD383
                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF702BCD50A,?,?,?,00007FF702BCD1FC,?,?,?,00007FF702BCCDF9), ref: 00007FF702BCD38F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                    • String ID: api-ms-
                                                                    • API String ID: 2559590344-2084034818
                                                                    • Opcode ID: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                    • Instruction ID: 4634b8845a56d5b52831fb111d48dcc35930128c15d16dba06f6b56c77f8b674
                                                                    • Opcode Fuzzy Hash: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                    • Instruction Fuzzy Hash: 5331B627B1A64391EE11BB02AC00275AB94FF88BA4FA94535DD5D4B365FFBCE445C320
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                    • API String ID: 2050909247-2434346643
                                                                    • Opcode ID: 57f2e03855a98cc957638366e02885260eb86ee0512a8128b0f554b17f515a16
                                                                    • Instruction ID: 11c86fa006e4374002eff3aea3f38cc23ae1851bf24311733a23316f5a3e82f3
                                                                    • Opcode Fuzzy Hash: 57f2e03855a98cc957638366e02885260eb86ee0512a8128b0f554b17f515a16
                                                                    • Instruction Fuzzy Hash: 1441A232A1868791EA21FB10EC041E9A755FF54354FE00132EA5D532AAFFBCF605C760
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                    • Instruction ID: 0a4ea3c02f6da995e71b4bcf77df96abd77b707c598394a7b81746eba41c5d5d
                                                                    • Opcode Fuzzy Hash: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                    • Instruction Fuzzy Hash: EF213D22A0D24242FE54B7619E412B9DE824F447A4FD44B36D93E566D6FFFCB841C720
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                    • String ID: CONOUT$
                                                                    • API String ID: 3230265001-3130406586
                                                                    • Opcode ID: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                    • Instruction ID: d7e7745b09f2873d5881fb132f3eedd0cd50214550895fe26b46c2e42c3e329c
                                                                    • Opcode Fuzzy Hash: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                    • Instruction Fuzzy Hash: 01119622718A4296E750AB52EC44325EAA4FF88BE4F944234D95D87794DFBCD444C750
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(FFFFFFFF,?,?,00000000,00007FF702BC8706), ref: 00007FF702BC79E2
                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF702BC8706), ref: 00007FF702BC7A39
                                                                      • Part of subcall function 00007FF702BC8950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF702BC3A04,00000000,00007FF702BC1965), ref: 00007FF702BC8989
                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF702BC8706), ref: 00007FF702BC7AC8
                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF702BC8706), ref: 00007FF702BC7B34
                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF702BC8706), ref: 00007FF702BC7B45
                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF702BC8706), ref: 00007FF702BC7B5A
                                                                    Similarity
                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                    • String ID:
                                                                    • API String ID: 3462794448-0
                                                                    • Opcode ID: b9b63f54144ba03940088346b196338d5c2960aef7cb953cd42f14819606a153
                                                                    • Instruction ID: fadf3ad6d17c5bb4fb28f0f665ea1e6845cedf6d205e9664dceffa1e2742a4bb
                                                                    • Opcode Fuzzy Hash: b9b63f54144ba03940088346b196338d5c2960aef7cb953cd42f14819606a153
                                                                    • Instruction Fuzzy Hash: BB419073B0968241EA30AB11A8516AAE798FF48BC4F940035EF9D577A5EF7CD501CB20
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC1D7
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC20D
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC23A
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC24B
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC25C
                                                                    • SetLastError.KERNEL32(?,?,?,00007FF702BD5E51,?,?,?,?,00007FF702BDB392,?,?,?,?,00007FF702BD80CB), ref: 00007FF702BDC277
                                                                    Similarity
                                                                    • API ID: Value$ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 2506987500-0
                                                                    • Opcode ID: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                    • Instruction ID: 3c4b89cc78f366900f46958df0282ae759771f465da08bda497a5c8323412750
                                                                    • Opcode Fuzzy Hash: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                    • Instruction Fuzzy Hash: 0A118122A0C24252FE54B7A15E813B9DE825F44BB4F944736D86E566D6FFFCB801C720
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                    • Instruction ID: 3dbd4ec7165a8f9e9ff79e63711f7c8c64e495dffafb4e4ba7726e3b3c3b6640
                                                                    • Opcode Fuzzy Hash: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                    • Instruction Fuzzy Hash: CBF0C263A0860791EF14AB20EC443799B30EF48765FC40335C66E4A2E4FFACD044C320
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                    • Instruction ID: 068d49353c7525a782f2c2a330a567cb4fc2629fe719327e3f3e9e1167418918
                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                    • Instruction Fuzzy Hash: 2D1182B3E58A0329FE643324DC923799C586F9676CF844634E96E063D6AFEC6841C120
                                                                    APIs
                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF702BDB4E7,?,?,00000000,00007FF702BDB782,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDC2AF
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BDB4E7,?,?,00000000,00007FF702BDB782,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDC2CE
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BDB4E7,?,?,00000000,00007FF702BDB782,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDC2F6
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BDB4E7,?,?,00000000,00007FF702BDB782,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDC307
                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF702BDB4E7,?,?,00000000,00007FF702BDB782,?,?,?,?,?,00007FF702BDB70E), ref: 00007FF702BDC318
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID:
                                                                    • API String ID: 3702945584-0
                                                                    • Opcode ID: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                    • Instruction ID: 70b612810b9abf668b06280861042459ff26f6d84f94db63490b61c0347211cd
                                                                    • Opcode Fuzzy Hash: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                    • Instruction Fuzzy Hash: 24116052E0C64242FE54B7659E812B9EE815F447B4FC44735D86D666D6FFBCB801C220
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Value
                                                                    • String ID:
                                                                    • API String ID: 3702945584-0
                                                                    • Opcode ID: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                    • Instruction ID: a98a3d9fa727ad88e6648972fe833147130bdd1413ce92674641e6e376d6c9a7
                                                                    • Opcode Fuzzy Hash: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                    • Instruction Fuzzy Hash: 4711F812A0C20352FE58B3614D512B99E824F64764E980B36D82E592D2FFFCB845C670
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Window$Process$ConsoleCurrentShowSleepThread
                                                                    • String ID:
                                                                    • API String ID: 3908687701-0
                                                                    • Opcode ID: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                    • Instruction ID: 4828ee675a0f535909df571f55d8986e182ae0f6d412d45da15fc2438abfcfdc
                                                                    • Opcode Fuzzy Hash: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
                                                                    • Instruction Fuzzy Hash: 77018622F2874382EF556B21AC84139AB65EF44B84F945138DA4F46669FFFCD881C720
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: verbose
                                                                    • API String ID: 3215553584-579935070
                                                                    • Opcode ID: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                    • Instruction ID: e83e25b35a0f9ac0343592a9acc5a93977c5ea6ac86860e35f245f6aa6e92ad7
                                                                    • Opcode Fuzzy Hash: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                    • Instruction Fuzzy Hash: 9691BC23A08A4681E721AE24DC517FDFA95AF05B94FC44236DA9D472C9FFBCE445E320
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                    • API String ID: 3215553584-1196891531
                                                                    • Opcode ID: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                    • Instruction ID: d2b229ea1fe3d5d74191becc4df977b69ce68dff5e17f7b64d1cd911c8a53612
                                                                    • Opcode Fuzzy Hash: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
                                                                    • Instruction Fuzzy Hash: F181B233D18242A5FE647F298910278AEA0EF1174CFE54434CA0E63286FBFDE841D762
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 2395640692-1018135373
                                                                    • Opcode ID: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                    • Instruction ID: 05e0ab72a03eaf728419dbfbc4490645f11cf6419b5e960bc68572ba8e5ca43c
                                                                    • Opcode Fuzzy Hash: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
                                                                    • Instruction Fuzzy Hash: 6551C333B196028ADB54EF15E814A79BF91EF54B98FA04132DA4D47768EFBCE841C710
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    • Opcode ID: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
                                                                    • Instruction ID: 271b749e63523b8230138710f2ef04f82bf023506b41fa09bb3a2d9fa4b415ba
                                                                    • Opcode Fuzzy Hash: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
                                                                    • Instruction Fuzzy Hash: EC6172739187C5C1D660AB15E8403AAFBA0FB94794F544635EB9C077A6EFBCE190CB10
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                     • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Similarity
                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 3896166516-3733052814
                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,?,00007FF702BC28EC,FFFFFFFF,00000000,00007FF702BC336A), ref: 00007FF702BC7372
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CreateDirectory
                                                                    • String ID: %.*s$%s%c$\
                                                                    • API String ID: 4241100979-1685191245
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF702BC866F), ref: 00007FF702BC226E
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                    • API String ID: 2050909247-3372507544
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _get_daylight$_isindst
                                                                    • String ID:
                                                                    • API String ID: 4170891091-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                    • String ID:
                                                                    • API String ID: 2780335769-0
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                    • String ID: ?
                                                                    • API String ID: 1286766494-1684325040
                                                                    APIs
                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BD9F82
                                                                      • Part of subcall function 00007FF702BDB464: RtlFreeHeap.NTDLL(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB47A
                                                                      • Part of subcall function 00007FF702BDB464: GetLastError.KERNEL32(?,?,?,00007FF702BE3F92,?,?,?,00007FF702BE3FCF,?,?,00000000,00007FF702BE4495,?,?,?,00007FF702BE43C7), ref: 00007FF702BDB484
                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF702BCC165), ref: 00007FF702BD9FA0
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                    • String ID: C:\Users\user\Desktop\setup.exe
                                                                    • API String ID: 3580290477-3490915227
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF702BC1B4A), ref: 00007FF702BC2070
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: %s: %s$[PYI-%d:ERROR]
                                                                    • API String ID: 2050909247-3704582800
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentDirectory
                                                                    • String ID: :
                                                                    • API String ID: 1611563598-336475711
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF702BC28DA,FFFFFFFF,00000000,00007FF702BC336A), ref: 00007FF702BC218E
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: WARNING$[PYI-%d:%s]
                                                                    • API String ID: 2050909247-3752221249
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF702BC1B79), ref: 00007FF702BC1E9E
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: ERROR$[PYI-%d:%s]
                                                                    • API String ID: 2050909247-3005936843
                                                                    • Opcode ID: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                    • Instruction ID: a238406f58ad8bfd8a61dbacc92a3fed56c0281cf02f4c6cafa42aab70db45e9
                                                                    • Opcode Fuzzy Hash: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                    • Instruction Fuzzy Hash: EE11C373618B8251E620AB51F8816EABB54EF847C4F800035FACD53A5AEFBCD155C710
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                    • Instruction ID: d2f6f1e632aa3155b7831e98ed28ff8ef891ca8f80c4865f7922e1d2066fd57c
                                                                    • Opcode Fuzzy Hash: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
                                                                    • Instruction Fuzzy Hash: 35115E32608B8192EB219B15F840269BBE5FF88B88F588231DACD07B64EF7CD551C700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.1339774135.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000000.00000002.1339750377.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339807412.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339838246.00007FF702C04000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.1339890043.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                    • String ID: :
                                                                    • API String ID: 2595371189-336475711
                                                                    • Opcode ID: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                    • Instruction ID: def52bc87df1f11c5c9f572bc3057c9a845d43baba9e56713a3cf78a813011a7
                                                                    • Opcode Fuzzy Hash: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
                                                                    • Instruction Fuzzy Hash: 9001752391C20296EB30BB64985127EAA90EF58708FD01435D64D42655FFBCE945C724
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1327883257.00007FF820971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF820970000, based on PE: true
                                                                    • Associated: 00000003.00000002.1327846807.00007FF820970000.00000002.00000001.01000000.00000006.sdmp
                                                                    • Associated: 00000003.00000002.1327912317.00007FF820979000.00000002.00000001.01000000.00000006.sdmp
                                                                    • Associated: 00000003.00000002.1327968766.00007FF820981000.00000004.00000001.01000000.00000006.sdmp
                                                                    • Associated: 00000003.00000002.1328004422.00007FF820983000.00000002.00000001.01000000.00000006.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820970000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_$Constant$String$Object$Err_$ConditionMask$Capsule_ExceptionFrom$DictDict_ExitFormatInfoLongLong_MallocMem_MemoryMetaclassStartupTraverseTypeType_UnsignedVerifyVersionmemset
                                                                    • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                    • API String ID: 3909536300-1188461360
                                                                    • Opcode ID: b6406d5dd5dbabfabf0a33aa18a855b1240c77099cea84650f5af718bc371faa
                                                                    • Instruction ID: 13d4c9e6074b045af10c19431519285a6e5a4d0cdc3c3513938ff52727f376c9
                                                                    • Opcode Fuzzy Hash: b6406d5dd5dbabfabf0a33aa18a855b1240c77099cea84650f5af718bc371faa
                                                                    • Instruction Fuzzy Hash: 00D2D7E2B18623E5FA108B16AC586A52764EF4AFD4F845035CE0F86773DE6EF14AC311

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                    • String ID:
                                                                    • API String ID: 1617910340-0
                                                                    • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                    • Instruction ID: a7fda8c54976fd75a16a22f5c53a447f1fe8d0d95723764aca27035221115d95
                                                                    • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                    • Instruction Fuzzy Hash: C6C1E333B28A4295EB10EF64D8806BCBB65EB48B98B804235DB1E5B7D4EF78D051D310
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                    • Instruction ID: ac595fb3468204ac8c7e034cd56bd027009d29519479f89c4a22c5006114a345
                                                                    • Opcode Fuzzy Hash: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                    • Instruction Fuzzy Hash: 99F0A923A1C64286F7609B50BC55366B750FF84328F940335D66D02AD4DFBCD009C600
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastModuleName
                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                    • API String ID: 2776309574-3325264605
                                                                    • Opcode ID: 26a67838a0eb080d3d7bdc43e071a2a3a82d0a7299b43908b7835dcc59965ba6
                                                                    • Instruction ID: 78e9a5254a71f7e72f8a13ac02fadba6ba38bca2382f999f8be9262e9a69643c
                                                                    • Opcode Fuzzy Hash: 26a67838a0eb080d3d7bdc43e071a2a3a82d0a7299b43908b7835dcc59965ba6
                                                                    • Instruction Fuzzy Hash: 8B428023A0C68391FA25BB20DC542F9EE95AF54744FD48072DA5E462E6FFECE544C320

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    APIs
                                                                      • Part of subcall function 00007FF702BC73D0: _fread_nolock.LIBCMT ref: 00007FF702BC747A
                                                                    • _fread_nolock.LIBCMT ref: 00007FF702BC19FB
                                                                      • Part of subcall function 00007FF702BC2020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF702BC1B4A), ref: 00007FF702BC2070
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                    • API String ID: 2397952137-3497178890
                                                                    • Opcode ID: fbe367e1ca991e46e549707e9e78bb6415fbb5852a62aed6389b29efbbdba6a3
                                                                    • Instruction ID: db7abb8c6fdc0addb32d814b1e0d94ec7b11bc29bb274bfe58d6f26752d261a3
                                                                    • Opcode Fuzzy Hash: fbe367e1ca991e46e549707e9e78bb6415fbb5852a62aed6389b29efbbdba6a3
                                                                    • Instruction Fuzzy Hash: 32817333A1868295EB10FB28D8412F9ABA1EF48744FE04036E94D57766FFBCE545CB20

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dict_$From$DeallocItemStringUnicode_$BuildLongLong_Module_StateValue
                                                                    • String ID:
                                                                    • API String ID: 4070576976-0
                                                                    • Opcode ID: 20de4f22ecb4f820e0ba085cb681d0ae84f4d13cf3a3c7cd9759904c6615a911
                                                                    • Instruction ID: cd75607bf9d700b9dc85859f801e185ff7d0fbd2f544732588a20e3f581a52cc
                                                                    • Opcode Fuzzy Hash: 20de4f22ecb4f820e0ba085cb681d0ae84f4d13cf3a3c7cd9759904c6615a911
                                                                    • Instruction Fuzzy Hash: 85412935A09B4385EE15AF21AC443B826A4AF4ABD9F24E030CA4E427A5EF3CF454C780

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                    • API String ID: 2050909247-3659356012
                                                                    • Opcode ID: e947213b8582da4ddc261766b911f709590580002be82ad331a92120311cf214
                                                                    • Instruction ID: 31683fa185af5de044ccda07bdc77f5fba32f5e9c61dbd2be1748f4895677a1e
                                                                    • Opcode Fuzzy Hash: e947213b8582da4ddc261766b911f709590580002be82ad331a92120311cf214
                                                                    • Instruction Fuzzy Hash: AD416033A1864396EA10FB259C411B9AB91EF44798FE44432ED1D17AAAFFBCE501C720

                                                                    Control-flow Graph

                                                                    control_flow_graph 784 (entry block 7ff702bc11f0); the graph text names no API calls
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                    • API String ID: 2050909247-2813020118
                                                                    • Opcode ID: 9affaf0de7306ce34d3fe18153eb52c63318511bddc6c8cbbd58f27af357ba63
                                                                    • Instruction ID: 19fab644a71f18829aa89299729bc279236771a610fe9cee9b93a98d3d1e7654
                                                                    • Opcode Fuzzy Hash: 9affaf0de7306ce34d3fe18153eb52c63318511bddc6c8cbbd58f27af357ba63
                                                                    • Instruction Fuzzy Hash: 9C512963A1864255EA20BB25AC403BAEA91FF84798FE44135ED4D477E6FFBCE401C710

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF702BE0316,?,?,-00000018,00007FF702BDBC5B,?,?,?,00007FF702BDBB52,?,?,?,00007FF702BD6EFE), ref: 00007FF702BE00F8
                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF702BE0316,?,?,-00000018,00007FF702BDBC5B,?,?,?,00007FF702BDBB52,?,?,?,00007FF702BD6EFE), ref: 00007FF702BE0104
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeLibraryProc
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 3013587201-537541572
                                                                    • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                    • Instruction ID: e5b03fe6866c1a0ba051f6c6991a9d19dc0e13fbfa16cf0f36a462e817886dde
                                                                    • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                    • Instruction Fuzzy Hash: 4F414423B09A0261EE11FB16AC106B5AB91BF08BA4F890535CD0DA7789FFFDE445C320

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF702BC2BC5), ref: 00007FF702BC2AA1
                                                                    • GetLastError.KERNEL32(?,00007FF702BC2BC5), ref: 00007FF702BC2AAB
                                                                      • Part of subcall function 00007FF702BC2310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC2360
                                                                      • Part of subcall function 00007FF702BC2310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF702BC2AC6,?,00007FF702BC2BC5), ref: 00007FF702BC241A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                    • API String ID: 4002088556-2863816727
                                                                    • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                    • Instruction ID: 2a0a2b001211ac17a00026c0f86ccc7b4d7bbbd93ee7121162a4f4f6a3b47b2b
                                                                    • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                    • Instruction Fuzzy Hash: D221B763B1C64291FA24BB24EC103BAAA50BF48358FD00132E95D865FAFFACE504C320

                                                                    Control-flow Graph

                                                                    control_flow_graph 971 (entry block 7ff702bdc95c); named calls in the graph: ReadFile, GetConsoleMode, GetLastError, ReadConsoleW
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: eb536eff56005b26acab214ddad3b7f617f69f6ae0f39e6e286dc3f6b59ee020
                                                                    • Instruction ID: 1ec243fe832c4d14c1ac85819ce22c0f19b85ea2139d8b4ada47d26f7da2d6ed
                                                                    • Opcode Fuzzy Hash: eb536eff56005b26acab214ddad3b7f617f69f6ae0f39e6e286dc3f6b59ee020
                                                                    • Instruction Fuzzy Hash: F9C1A023A0CA8651E761AB1598442FDAF54EF85B80FD94132DA4E07791FFFCE845C760

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                    • API String ID: 2050909247-2434346643
                                                                    • Opcode ID: 0161030ac6cb013b432a21c9304879e0f469f25312fd656d8e332880937228c1
                                                                    • Instruction ID: 11c86fa006e4374002eff3aea3f38cc23ae1851bf24311733a23316f5a3e82f3
                                                                    • Opcode Fuzzy Hash: 0161030ac6cb013b432a21c9304879e0f469f25312fd656d8e332880937228c1
                                                                    • Instruction Fuzzy Hash: 1441A232A1868791EA21FB10EC041E9A755FF54354FE00132EA5D532AAFFBCF605C760

                                                                    Control-flow Graph

                                                                    control_flow_graph 1121 (entry block 7ff832163870); named calls in the graph: PyFrozenSet_New, EVP_MD_do_all_provided, PyModule_Add, _Py_Dealloc
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_do_all_providedDeallocFrozenModule_Set_
                                                                    • String ID: openssl_md_meth_names
                                                                    • API String ID: 15186259-1600430994
                                                                    • Opcode ID: 3dacb64bbd2ff93f9058bbc70e59a15b237fdb5538899d157df68aaf4fe6fae5
                                                                    • Instruction ID: 6f4c2837fea10c25926ad793e6e6d49fc300ff7d4edd8136380920fec88faac5
                                                                    • Opcode Fuzzy Hash: 3dacb64bbd2ff93f9058bbc70e59a15b237fdb5538899d157df68aaf4fe6fae5
                                                                    • Instruction Fuzzy Hash: 4E014F7191864292EB265B20E9042FD7364FF48BA9F540235DD4E875B4CFBCF148E700

                                                                    Control-flow Graph

                                                                    control_flow_graph 1164 (entry block 7ff702bdde60); named calls in the graph: WriteFile, GetLastError, GetConsoleMode
                                                                    APIs
                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF702BDDE4B), ref: 00007FF702BDDF7C
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF702BDDE4B), ref: 00007FF702BDE007
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleErrorLastMode
                                                                    • String ID:
                                                                    • API String ID: 953036326-0
                                                                    • Opcode ID: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                    • Instruction ID: dda100d08237e5e6017114d62da0f38eb52373f816f33f9c069e6c91fe482bb6
                                                                    • Opcode Fuzzy Hash: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                    • Instruction Fuzzy Hash: 5F91A333B0865285F764AB6598402FDAFA4AF44B88FD44139DE4E5BA84FFBCD485C720

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Similarity
                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1279662727-0
                                                                    • Opcode ID: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                    • Instruction ID: c15f3367c1bad4aabace49c88a3ad5225b816685a8b35280d46fe8fad62554c8
                                                                    • Opcode Fuzzy Hash: a7851f35165aa053145fe01894016aececa3f2381e8a001c745c02259ff3d92e
                                                                    • Instruction Fuzzy Hash: E1418623D1874283E754AB60A9503E9BB64FF95764F509334E69C03AD5FFACA5E0C720
                                                                    APIs
                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF702BC1B79), ref: 00007FF702BC1E9E
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentProcess
                                                                    • String ID: ERROR$[PYI-%d:%s]
                                                                    • API String ID: 2050909247-3005936843
                                                                    • Opcode ID: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                    • Instruction ID: a238406f58ad8bfd8a61dbacc92a3fed56c0281cf02f4c6cafa42aab70db45e9
                                                                    • Opcode Fuzzy Hash: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
                                                                    • Instruction Fuzzy Hash: EE11C373618B8251E620AB51F8816EABB54EF847C4F800035FACD53A5AEFBCD155C710
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                    • Instruction ID: 3548d4c8420f759835ea649a4e3d99a252fb513f5e0ec79c870e2a2e71d69059
                                                                    • Opcode Fuzzy Hash: 823bef23182f8f61d7efa7880482c28a4a7867c446eada0463010af46261c3c5
                                                                    • Instruction Fuzzy Hash: E9D09E16B0860352EE183B705C952B9DB555F8C715F812838C98F0A393FFEDE489C631
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 141dc46c6224036006d776e19841065f05dd1418e65b387591b1a003cf84bd0f
                                                                    • Instruction ID: 60a6eca4e73937aed6a0dd793ba7e047b55e35b307a5836b25223520e34d7363
                                                                    • Opcode Fuzzy Hash: 141dc46c6224036006d776e19841065f05dd1418e65b387591b1a003cf84bd0f
                                                                    • Instruction Fuzzy Hash: 1B51BB73B0D24286EA24BB259C00679A992BF44BA4FB44636DD6D47BE5EF7CE401C720
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 1236291503-0
                                                                    • Opcode ID: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                    • Instruction ID: 04bf8d91d214c8dac598ca573fd1cd12c16fd75e37a37c6da58bb5dfcde36ebd
                                                                    • Opcode Fuzzy Hash: bbbb43f9e1356fc36a8983c03ebcc8b7addcb0e166801d8c410c30bb16f29642
                                                                    • Instruction Fuzzy Hash: DA311B23E0C10342EA14BB65AD513BA9F91AFA5B84FD45036E54D4B2E7FFECA804C274
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID:
                                                                    • API String ID: 442123175-0
                                                                    • Opcode ID: 8ebc058675795335f9a47618937f9bde65187aaad64a1c6bbc7aea363135bb52
                                                                    • Instruction ID: 77e8883862f3ee8eb92a36eded30fd93d708d915ad9179db6bb131cad97db769
                                                                    • Opcode Fuzzy Hash: 8ebc058675795335f9a47618937f9bde65187aaad64a1c6bbc7aea363135bb52
                                                                    • Instruction Fuzzy Hash: CC31E333619A829ADB10AF15E8402E9BB64FF48784F944036EB8D83719FF7DD516C710
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: FileHandleType
                                                                    • String ID:
                                                                    • API String ID: 3000768030-0
                                                                    • Opcode ID: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                    • Instruction ID: 34d37871f103d212567329c54f56d5bdcf5b96bfbb2c6586863f09ca944994b8
                                                                    • Opcode Fuzzy Hash: b01a8b1655aeb6f71db35254c5ecf6a703e147159c44eee076082fbba724bcfb
                                                                    • Instruction Fuzzy Hash: C5319723A18B4792D764AB1589801B9AE50FF45BB0FA44339DBAE473E0EF78E461D310
                                                                    APIs
                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF702BDD020,?,?,?,?,?,00007FF702BDD129), ref: 00007FF702BDD080
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF702BDD020,?,?,?,?,?,00007FF702BDD129), ref: 00007FF702BDD08A
                                                                    Similarity
                                                                    • API ID: ErrorFileLastPointer
                                                                    • String ID:
                                                                    • API String ID: 2976181284-0
                                                                    • Opcode ID: fb6a81950565da05b050a92576ed7c02e19ce8787ed1f1a96796d90f6b6408b2
                                                                    • Instruction ID: ccbb47ea87ae9a4241c6d7c6fab91c4e97ca78eab4f840c56d2d97cd447c1bb9
                                                                    • Opcode Fuzzy Hash: fb6a81950565da05b050a92576ed7c02e19ce8787ed1f1a96796d90f6b6408b2
                                                                    • Instruction Fuzzy Hash: AC11E663608A8281DB10AB25AC500A9EB51AF80BF4FD40331EABD0B7D5EFBCD041C714
                                                                    APIs
                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF702BDB8DD,?,?,00000000,00007FF702BDB992), ref: 00007FF702BDBACE
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF702BDB8DD,?,?,00000000,00007FF702BDB992), ref: 00007FF702BDBAD8
                                                                    Similarity
                                                                    • API ID: CloseErrorHandleLast
                                                                    • String ID:
                                                                    • API String ID: 918212764-0
                                                                    • Opcode ID: ee1f6f2c17bcac9912aebe9a75d3c59e1af1689cfc13c1c78b5a219ca8e97850
                                                                    • Instruction ID: 29d28b3ffba39dcb4dd682ba182011c77d488e235df0be2d252830ef76c80ea9
                                                                    • Opcode Fuzzy Hash: ee1f6f2c17bcac9912aebe9a75d3c59e1af1689cfc13c1c78b5a219ca8e97850
                                                                    • Instruction Fuzzy Hash: B5218716B0868241FEA477659C902FD9E819F84798FC54235DA2E477D5FFECE445C320
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: ca67b63ad487b7dd06d77dc7b625cd7cf40d94e9b0d9a023c4747a6b48452177
                                                                    • Instruction ID: 8664c95c634b98df498147e792c10fc22986914c0c79171796b1e05c590bf88b
                                                                    • Opcode Fuzzy Hash: ca67b63ad487b7dd06d77dc7b625cd7cf40d94e9b0d9a023c4747a6b48452177
                                                                    • Instruction Fuzzy Hash: FE41B37390824187EA34AB29AD402B9FFA0EF55B54F900132D68E83691FFADF402D761
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _fread_nolock
                                                                    • String ID:
                                                                    • API String ID: 840049012-0
                                                                    • Opcode ID: 024a65eceea4021ca9242a00480abe65ac50bece6db994538720df64ffac909c
                                                                    • Instruction ID: 1a31b872edde196dc9029ef49cb7619c94522bcdb9fc79faf9f544eebb261459
                                                                    • Opcode Fuzzy Hash: 024a65eceea4021ca9242a00480abe65ac50bece6db994538720df64ffac909c
                                                                    • Instruction Fuzzy Hash: 96219122B0869246FA10BB22AC047BADE45BF45BD8FDC4030ED4D06B96EFBCE042C710
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 91dc31986c532176c65ca0e3ff35a3bba52d03db3277bf6d72548c5eb48738d3
                                                                    • Instruction ID: 2454af0b3360be26d4956bd5a64d00f7243cca1d650a92a4467df902817ed92e
                                                                    • Opcode Fuzzy Hash: 91dc31986c532176c65ca0e3ff35a3bba52d03db3277bf6d72548c5eb48738d3
                                                                    • Instruction Fuzzy Hash: 54312C33A1861246E7617B659C413BDAE90AF84B64FD10236DA1D433D2FFBDE441C725
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                    • String ID:
                                                                    • API String ID: 3947729631-0
                                                                    • Opcode ID: 78c35fc7c6e2b8000ddfa863f9affaf41ca53d2f0572e0ba78e1a207ed009a92
                                                                    • Instruction ID: 6d9b459eef2ca528fe1da554328a6e401b7e1b8cd1caa47fd90398c7dae6e901
                                                                    • Opcode Fuzzy Hash: 78c35fc7c6e2b8000ddfa863f9affaf41ca53d2f0572e0ba78e1a207ed009a92
                                                                    • Instruction Fuzzy Hash: EE21AE33A057468AEB24AF64C8402EC7BA0EF04718F850636D76D16AC9FFBCD584C764
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                    • Instruction ID: fc35673956fcc5fcd69b840517888db54ec0f035a057ea83604706e4ccf7529a
                                                                    • Opcode Fuzzy Hash: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                    • Instruction Fuzzy Hash: 02111223A1C64282EA61BF61EC002F9EB64AF45B84FD44031EB4C57A96FFBDE451C761
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                    • Instruction ID: 6f5929a64f3212b60817587611c6e3e6d429ca2555b6f567a9c9262cf0ce38a6
                                                                    • Opcode Fuzzy Hash: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                    • Instruction Fuzzy Hash: C121C873608A4257DB61AF28D840379FAA0EF84B58F940234D75D476DAEF7CD400DB10
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3215553584-0
                                                                    • Opcode ID: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                    • Instruction ID: 4aea5a3d174f405786de4d2ac6b1f9c675cc4829d44d5bc42435c1848b3e1e28
                                                                    • Opcode Fuzzy Hash: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                    • Instruction Fuzzy Hash: 56018222A0874241E908BB529C011B9EA95BF45FE4F984672DF6C13BE6EFBCE501C710
                                                                    APIs
                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF702BCC3F0
                                                                      • Part of subcall function 00007FF702BCCE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF702BCCE20
                                                                      • Part of subcall function 00007FF702BCCE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF702BCCE25
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                    • String ID:
                                                                    • API String ID: 1208906642-0
                                                                    • Opcode ID: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                    • Instruction ID: 677a2f71e4151bcf2fd0b4071b904cd96b534dd878ae92d8bb503c60ab211387
                                                                    • Opcode Fuzzy Hash: ececd82fc3177ae58a022cdb863293519d79894eaec9217f5cc72d6a823b184f
                                                                    • Instruction Fuzzy Hash: 45E01223C0C20381FEA836202C422BA8E400F31308FE090BAD94D920E3BFAD3016E135
                                                                    APIs
                                                                      • Part of subcall function 00007FF702BC8950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF702BC3A04,00000000,00007FF702BC1965), ref: 00007FF702BC8989
                                                                    • LoadLibraryExW.KERNELBASE(?,00007FF702BC58B6,00000000,00007FF702BC272E), ref: 00007FF702BC84E2
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                                    • String ID:
                                                                    • API String ID: 2592636585-0
                                                                    • Opcode ID: f60a4b28f40848f04726842085d853143cffca2c4904261e2b888fe767e0f7e9
                                                                    • Instruction ID: e0b650c60e2bd82314f09a9a6ee4b553e51862ce56645f32ef62e1be4df1f89e
                                                                    • Opcode Fuzzy Hash: f60a4b28f40848f04726842085d853143cffca2c4904261e2b888fe767e0f7e9
                                                                    • Instruction Fuzzy Hash: 71D0C213F2424241EE58F777BE4A57995529F89BC0ED89034EE0D07B56FD7CD0818B00
                                                                    APIs
                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF702BD0268,?,?,?,00007FF702BD18D2,?,?,?,?,?,00007FF702BD4595), ref: 00007FF702BDE702
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    • Opcode ID: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                    • Instruction ID: d283c4ec37b224172937106174fe6940711d74166f19a17f47fb880ff45db80e
                                                                    • Opcode Fuzzy Hash: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                    • Instruction Fuzzy Hash: 1AF0FE27A1D24745FEA87BA15D452F599915F447A0FC84630DA2E8A2C2FFACF440C630
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocDict_$FromItemLongLong_StringX_ctrl
                                                                    • String ID: accept$accept_good$accept_renegotiate$cache_full$connect$connect_good$connect_renegotiate$hits$misses$number$timeouts
                                                                    • API String ID: 3804526530-4076585280
                                                                    • Opcode ID: 715dd95d944734e913a40be08c87394b6913354ecdc7e6e20bb34b1f1c94c94f
                                                                    • Instruction ID: be2ae549f2576f63044f203d28569dd64d0bad591864df0371fccacf42fa6332
                                                                    • Opcode Fuzzy Hash: 715dd95d944734e913a40be08c87394b6913354ecdc7e6e20bb34b1f1c94c94f
                                                                    • Instruction Fuzzy Hash: 5FD12B75A09B1382EB146F71AD5463973A1BF89BD9B24B438CA1E06B54EF7CF424C380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$String$Dict_$Item$List_X509_$From$SizeUnicode_$AppendE_printO_ctrlO_freeO_getsX509_get0_notY_set$AfterBeforeE_entry_countE_get_entryErr_LongLong_O_newO_s_memTupleX509_get_issuer_nameX509_get_subject_nameX509_get_versionY_get_dataY_get_object
                                                                    • String ID: OCSP$caIssuers$crlDistributionPoints$failed to allocate BIO$issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                                                    • API String ID: 3001048694-857226466
                                                                    • Opcode ID: 673de1ffa5e730f1f89753bedf0ae8dbc89e7f15dce628d5482f3af468f65503
                                                                    • Instruction ID: 5a9763f040500671969bf8a995c3f0f5f9a5429004cc8e4d87cb0e2d3a50cb0d
                                                                    • Opcode Fuzzy Hash: 673de1ffa5e730f1f89753bedf0ae8dbc89e7f15dce628d5482f3af468f65503
                                                                    • Instruction Fuzzy Hash: 7CD14831E0DB4386EA14AF25EE5427923A1AF45BD9F68E030DE0E46754EF3DF5648780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: String$Err_FromSizeUnicode_$E_printFormatL_sk_numL_sk_valueList_O_ctrlO_getsO_newO_s_memTuple_WarnX509_get_ext_d2istrchr
                                                                    • String ID: %X:%X:%X:%X:%X:%X:%X:%X$%d.%d.%d.%d$<INVALID>$<invalid>$DNS$DirName$IP Address$Invalid value %.200s$Registered ID$URI$Unknown general name type %d$email$failed to allocate BIO
                                                                    • API String ID: 359532264-4109427827
                                                                    • Opcode ID: 78c71206416deb4e37f702a3e543d2b89eb89e4e4b125955326f3b688e0a21c1
                                                                    • Instruction ID: b3d2afa116f314c35ef216f59422bb84bac6c495ff10a77087506382a9d2e7f4
                                                                    • Opcode Fuzzy Hash: 78c71206416deb4e37f702a3e543d2b89eb89e4e4b125955326f3b688e0a21c1
                                                                    • Instruction Fuzzy Hash: B1F18E31A0C68286FA659B25EC18239B7A0BF84BD9F64E431EE5E46794DF3CF514C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$LongLong_Occurred$Arg_$ArgumentUnsigned$BufferBuffer_E_scryptEval_Object_ReleaseStringThread$Bytes_FormatFromKeywordsRestoreSaveSizeUnpack
                                                                    • String ID: @$Invalid parameter combination for n, r, p, maxmem.$argument 'n'$argument 'p'$argument 'r'$dklen must be greater than 0 and smaller than %d$int$maxmem must be positive and smaller than %d$n is required and must be an unsigned int$n must be a power of 2.$p is required and must be an unsigned int$password is too long.$r is required and must be an unsigned int$salt is required$salt is too long.$scrypt
                                                                    • API String ID: 4172562131-3140575616
                                                                    • Opcode ID: e23ffb9ed78be7da6622ebda33d3d151b106702c7c9ba18bd6fb7fef31bb20b7
                                                                    • Instruction ID: 143b67541e4bdb4d4241d22077f4ce05c26cf07848b9792a4c2048fbe37bacc1
                                                                    • Opcode Fuzzy Hash: e23ffb9ed78be7da6622ebda33d3d151b106702c7c9ba18bd6fb7fef31bb20b7
                                                                    • Instruction Fuzzy Hash: 66E16F21A18A9281EA928B61EA442FD63A0FF45BD9F144135DD9EC3BB4DFBCF444E340
                                                                    APIs
                                                                    • _PyObject_GC_New.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C386
                                                                    • ERR_clear_error.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C3C9
                                                                    • PyEval_SaveThread.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C3CF
                                                                    • SSL_new.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C3DB
                                                                    • PyEval_RestoreThread.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C3E8
                                                                    • _Py_Dealloc.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C405
                                                                    • SSL_set_session_id_context.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C435
                                                                    • SSL_get0_param.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C43F
                                                                    • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C44C
                                                                    • SSL_set_ex_data.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C45B
                                                                    • SSL_set_fd.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C46E
                                                                    • BIO_up_ref.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C482
                                                                    • BIO_up_ref.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C494
                                                                    • SSL_set_bio.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C4A6
                                                                    • SSL_ctrl.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C4C0
                                                                    • SSL_get_verify_mode.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C4D4
                                                                    • SSL_set_verify.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C4EB
                                                                    • SSL_set_post_handshake_auth.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C4F5
                                                                    • SSL_get_rbio.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C522
                                                                    • BIO_ctrl.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C537
                                                                    • SSL_get_wbio.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C541
                                                                    • BIO_ctrl.LIBCRYPTO-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C552
                                                                    • PyEval_SaveThread.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C558
                                                                    • SSL_set_connect_state.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C569
                                                                    • SSL_set_accept_state.LIBSSL-3(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C571
                                                                    • PyEval_RestoreThread.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C57A
                                                                    • PyWeakref_NewRef.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C58D
                                                                    • PyWeakref_NewRef.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C5BB
                                                                    • _Py_Dealloc.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C5D8
                                                                    • _Py_Dealloc.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C5FA
                                                                    • PyObject_GC_Track.PYTHON313(?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043C62E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Eval_Thread$Dealloc$O_ctrlO_up_refObject_RestoreSaveWeakref_$L_ctrlL_get0_paramL_get_rbioL_get_verify_modeL_get_wbioL_newL_set_accept_stateL_set_bioL_set_connect_stateL_set_ex_dataL_set_fdL_set_post_handshake_authL_set_session_id_contextL_set_verifyM_set_hostflagsR_clear_errorTrackX509_
                                                                    • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context$Python
                                                                    • API String ID: 14446988-1888807747
                                                                    • Opcode ID: a750bc80da5a52ac24924a5c6ff15ea33009352312f1653b947d47f9f0a0eee1
                                                                    • Instruction ID: 898175b6d2b718bd034dc138d762d67ca9f0e36c07435192ff4889e2570dc1a7
                                                                    • Opcode Fuzzy Hash: a750bc80da5a52ac24924a5c6ff15ea33009352312f1653b947d47f9f0a0eee1
                                                                    • Instruction Fuzzy Hash: 89A14936A08A1286EB649F26EC5413973A0FF85BD8B64A035DE4E43B60DF3CF595C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_fetchModule_Object_State$BufferBuffer_Err_Eval_ReleaseStringThread$CheckD_freeD_get_flagsD_up_refDeallocDigestInit_exPy_hashtable_getRestoreSaveX_new
                                                                    • String ID: -fips$Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required$unsupported hash type %s
                                                                    • API String ID: 2460687060-2451375418
                                                                    • Opcode ID: 22907af6c50bfd9099f5f74a32a1021f685966d8acf03313c91f7058d1a1696b
                                                                    • Instruction ID: 7cc956268c2195d53865889c14fd177fd7db179bc0dd35b2196b45462810c061
                                                                    • Opcode Fuzzy Hash: 22907af6c50bfd9099f5f74a32a1021f685966d8acf03313c91f7058d1a1696b
                                                                    • Instruction Fuzzy Hash: 37916D22E1C68285EAA68B15AB402FD62A0BF95FD1F144135DE5E837B4DFBCF448E240
                                                                    APIs
                                                                      • Part of subcall function 00007FF820432358: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FF82043239D
                                                                      • Part of subcall function 00007FF820432358: PyUnicode_FromStringAndSize.PYTHON313 ref: 00007FF8204323C3
                                                                    • ASN1_STRING_type.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FF820434F05), ref: 00007FF820435074
                                                                    • ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FF820434F05), ref: 00007FF820435082
                                                                    • ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FF820434F05), ref: 00007FF82043508E
                                                                    • Py_BuildValue.PYTHON313(?,?,?,?,?,?,00000000,00007FF820434F05), ref: 00007FF8204350A4
                                                                      • Part of subcall function 00007FF8204363A4: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8204363BC
                                                                      • Part of subcall function 00007FF8204363A4: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8204363E5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: BuildFromG_get0_dataG_lengthG_typeJ_obj2txtR_clear_errorR_peek_last_errorSizeStringUnicode_Value
                                                                    • String ID: D:\a\1\s\Modules\_ssl.c$Ns#$Ny#
                                                                    • API String ID: 3688187681-3706530764
                                                                    • Opcode ID: 5a65749e0812384b1baaeab810bb2d3b0daa5cce1e3a4c9cc4321cd988c69716
                                                                    • Instruction ID: 25a8b6ffa068a563fd0bcc6e5a578272c55242f54c675baa25d56922c74efbe4
                                                                    • Opcode Fuzzy Hash: 5a65749e0812384b1baaeab810bb2d3b0daa5cce1e3a4c9cc4321cd988c69716
                                                                    • Instruction Fuzzy Hash: C6217A25A0CB5282FB149B16FD542796360EF85BD8F64E030EE0E46BA5EF3CF1558780
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 313767242-0
                                                                    • Opcode ID: 6b94263228284adea3e7e1cdca652a094aa349ee7aad73e387e1651aa79022c0
                                                                    • Instruction ID: 5754fd58b1cc08e7e504c3e3345ef4c077b1a3aa755d10a0b344b782210f768a
                                                                    • Opcode Fuzzy Hash: 6b94263228284adea3e7e1cdca652a094aa349ee7aad73e387e1651aa79022c0
                                                                    • Instruction Fuzzy Hash: 39313D72619B818AEB619F60E8403EE7364FB84784F44403ADE4E87BA5DF7CE648D710
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 313767242-0
                                                                    • Opcode ID: d97abcff6220718919fee2a89a056d92263d2e288a8e8cbc4f6de1da41b21627
                                                                    • Instruction ID: fcd996f9b2d351bc3b0c21b928bee4ab16ecf8215d66f779bac1d860f6f2e44a
                                                                    • Opcode Fuzzy Hash: d97abcff6220718919fee2a89a056d92263d2e288a8e8cbc4f6de1da41b21627
                                                                    • Instruction Fuzzy Hash: 36314C72608B8186EB649F60E8803ED7374FB8478CF14903ADA4E47B95EF38E549C750
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Bytes_FromO_freeR_clear_errorR_peek_last_errorSizeStringX509i2d_
                                                                    • String ID: D:\a\1\s\Modules\_ssl.c
                                                                    • API String ID: 2720122973-132925792
                                                                    • Opcode ID: 7c8911e33ffb4df06aabdee113e55d9b2ccba17d1c43b2a88d6bfc928b722f14
                                                                    • Instruction ID: 20f6596bf50a7bd64dc958cdc65dc23ab20bad5fae42759363dee6d119c10d16
                                                                    • Opcode Fuzzy Hash: 7c8911e33ffb4df06aabdee113e55d9b2ccba17d1c43b2a88d6bfc928b722f14
                                                                    • Instruction Fuzzy Hash: 1CF04955B1864282EF009B62E814369A351AF88BE9F149430DD4D46715EFACF0148740
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: O_memcmp
                                                                    • String ID:
                                                                    • API String ID: 2788248766-0
                                                                    • Opcode ID: d3ad7d0c385042fecc03faca2d7323f65c539fdecdcb2437dbde10a64ee9a806
                                                                    • Instruction ID: 995c0000439a3b8f906db915396cc6e13c73071dc5859f8b83fc468182908620
                                                                    • Opcode Fuzzy Hash: d3ad7d0c385042fecc03faca2d7323f65c539fdecdcb2437dbde10a64ee9a806
                                                                    • Instruction Fuzzy Hash: D8D0C252F1878942CF0CC7A7BE804ACA1525BACBD074D8039AE0D83B65C82CC4D04500
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C50
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C62
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4C99
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CAB
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CC4
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CD6
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4CEF
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D01
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D1D
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D2F
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D4B
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D5D
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D79
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4D8B
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DA7
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DB9
                                                                    • GetProcAddress.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DD5
                                                                    • GetLastError.KERNEL32(?,00007FF702BC590F,00000000,00007FF702BC272E), ref: 00007FF702BC4DE7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: AddressErrorLastProc
                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                    • API String ID: 199729137-653951865
                                                                    • Opcode ID: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                    • Instruction ID: 32799c68156d35298d7425f570a5ede5f7c4ffafbae66ceaacb060627a6f1b5e
                                                                    • Opcode Fuzzy Hash: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                    • Instruction Fuzzy Hash: 9222AF6690DB07A1FE14FB60AC642B5ABA4AF48759FD81531D80E06275FFFCB649C230
                                                                    APIs
                                                                    • PyType_GetModuleByDef.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437920
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437942
                                                                    • TLS_server_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437999
                                                                    • TLS_client_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF8204379A4
                                                                    • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF8204379C3
                                                                    • TLSv1_2_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF8204379D2
                                                                    • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF8204379EE
                                                                    • TLSv1_1_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF8204379FD
                                                                    • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A19
                                                                    • TLSv1_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A28
                                                                    • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A44
                                                                    • TLS_method.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A53
                                                                    • PyErr_Format.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A75
                                                                    • PyEval_SaveThread.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A80
                                                                    • SSL_CTX_new.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A8C
                                                                    • PyEval_RestoreThread.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437A98
                                                                    • PyModule_GetState.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437AA6
                                                                    • SSL_CTX_free.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437ADD
                                                                    • PyModule_GetState.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437B0D
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437B51
                                                                    • SSL_CTX_set_options.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437B78
                                                                    • SSL_CTX_set_cipher_list.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437B93
                                                                    • ERR_clear_error.LIBCRYPTO-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437B9D
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437BB2
                                                                    • SSL_CTX_ctrl.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437BDB
                                                                    • PyErr_Format.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437BF9
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C0D
                                                                    • ERR_clear_error.LIBCRYPTO-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C13
                                                                    • SSL_CTX_ctrl.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C2D
                                                                    • SSL_CTX_get0_param.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C37
                                                                    • X509_VERIFY_PARAM_set_flags.LIBCRYPTO-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C48
                                                                    • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C54
                                                                    • SSL_CTX_set_post_handshake_auth.LIBSSL-3(?,?,?,?,00000000,00007FF820436E1F), ref: 00007FF820437C64
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$Warn$DeallocEval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_auth
                                                                    • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                    • API String ID: 2858978057-3426422906
                                                                    • Opcode ID: d4d639589e3e99afbe25f29844289e5a17fdfbca3b5534a8dea2ba25fd74d11f
                                                                    • Instruction ID: 35ab902e09866d1dcba9f33a6e40a922ea918d14be1a43defaeed8cdad9ccd41
                                                                    • Opcode Fuzzy Hash: d4d639589e3e99afbe25f29844289e5a17fdfbca3b5534a8dea2ba25fd74d11f
                                                                    • Instruction Fuzzy Hash: 24A12871A08A0282EA649B26FD5493823A1FF84BDCF60B531DA5E477A0DF3CF564D780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$DeallocR_clear_errorStringUnicode_X_set_default_passwd_cbX_set_default_passwd_cb_userdata$ConverterEval_ExceptionFreeMatchesMem_Thread_errno$Callable_CheckErrnoFormatFromR_peek_last_errorRestoreSaveX_get_default_passwd_cbX_get_default_passwd_cb_userdataX_use_certificate_chain_file
                                                                    • String ID: certfile should be a valid filesystem path$keyfile should be a valid filesystem path$password should be a string or callable
                                                                    • API String ID: 1360066414-998072137
                                                                    • Opcode ID: 37e8f32df311667f3c829c73b69ed1d33ff4de0d71b2df9db9c22daa677ec8b1
                                                                    • Instruction ID: ea916698f34bb0345984d4817e63705ca810a4ce8a600945532e49984b86daab
                                                                    • Opcode Fuzzy Hash: 37e8f32df311667f3c829c73b69ed1d33ff4de0d71b2df9db9c22daa677ec8b1
                                                                    • Instruction Fuzzy Hash: B9A10666A09A0286EB249F61EC5457923B1BF88BDDB24A435EE4E43B54CF3DF464C390
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_$ObjectWith$Err_Exception$Dealloc$BasesFromPackSpecStateTuple_Type_
                                                                    • String ID: A certificate could not be verified.$Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSL/TLS session closed cleanly.$SSLCertVerificationError$SSLEOFError$SSLError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLCertVerificationError$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                    • API String ID: 2091157252-1330971811
                                                                    • Opcode ID: 9d6124aa55350f76107c1d53629cccf65eafe9236266247094139ceebc1b1414
                                                                    • Instruction ID: 9e373ec9b52566a6a758154a0b6f2ce15870de77dd1973434fcd1cc6d2214efe
                                                                    • Opcode Fuzzy Hash: 9d6124aa55350f76107c1d53629cccf65eafe9236266247094139ceebc1b1414
                                                                    • Instruction Fuzzy Hash: CB510AB1A09B8391EB04AF26FD546A537A1BF45BCCB60B035D90D43BA4EE2CF159C380
                                                                    APIs
                                                                    • Py_BuildValue.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF1A
                                                                    • PyDict_GetItemWithError.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF33
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF49
                                                                    • PyErr_Occurred.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF54
                                                                    • PyLong_FromLong.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF65
                                                                    • PyDict_GetItemWithError.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF7E
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF94
                                                                    • PyErr_Occurred.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BF9F
                                                                    • ERR_reason_error_string.LIBCRYPTO-3(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043BFBE
                                                                    • SSL_get_verify_result.LIBSSL-3(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C003
                                                                    • PyLong_FromLong.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C00D
                                                                    • X509_verify_cert_error_string.LIBCRYPTO-3(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C02B
                                                                    • PyUnicode_FromString.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C039
                                                                    • PyUnicode_FromFormat.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C067
                                                                    • PyUnicode_FromFormat.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C0A3
                                                                    • PyUnicode_FromFormat.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C0D0
                                                                    • PyUnicode_FromFormat.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C0F2
                                                                    • PyUnicode_FromFormat.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C10C
                                                                    • Py_BuildValue.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C142
                                                                    • PyObject_CallObject.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C15F
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C176
                                                                    • PyObject_SetAttr.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C19D
                                                                    • PyObject_SetAttr.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C1BC
                                                                    • PyObject_SetAttr.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C1E6
                                                                    • PyObject_SetAttr.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C1FD
                                                                    • PyErr_SetObject.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C20D
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C221
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C23B
                                                                    • _Py_Dealloc.PYTHON313(?,00000000,?,?,00000000,00000000,00000000,00007FF8204363E5), ref: 00007FF82043C254
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: From$DeallocUnicode_$FormatObject_$Attr$Err_$BuildDict_ErrorItemLongLong_ObjectOccurredValueWith$CallL_get_verify_resultR_reason_error_stringStringX509_verify_cert_error_string
                                                                    • String ID: %s (_ssl.c:%d)$Hostname mismatch, certificate is not valid for '%S'.$IP address mismatch, certificate is not valid for '%S'.$[%S: %S] %s (_ssl.c:%d)$[%S: %S] %s: %S (_ssl.c:%d)$[%S] %s (_ssl.c:%d)$unknown error
                                                                    • API String ID: 1604805535-2914327905
                                                                    • Opcode ID: 22415b49abb2d7f392d3107f568e0a3336a5bff9e09a61777d92fe2b654dd840
                                                                    • Instruction ID: 8a1334e2792c8482117110cf0a42543d6c763b95d23ea0c436413a4c92a97a7e
                                                                    • Opcode Fuzzy Hash: 22415b49abb2d7f392d3107f568e0a3336a5bff9e09a61777d92fe2b654dd840
                                                                    • Instruction Fuzzy Hash: 34B18D21E0CA8285EA68AF51AD4477A63A1BF45BC8F28E034DE0E47794DF3CF594C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                    • API String ID: 2943138195-1482988683
                                                                    • Opcode ID: a2c27aef857a1be5b859030660f08b7ca73635be6048625c1ed2e335bbf60e8e
                                                                    • Instruction ID: 2ebca63e355c4c1bb1c051de3059e085ced4e26c23cc85893b79b906c54410a7
                                                                    • Opcode Fuzzy Hash: a2c27aef857a1be5b859030660f08b7ca73635be6048625c1ed2e335bbf60e8e
                                                                    • Instruction Fuzzy Hash: 57029C32E0AE56A8FB148B69D8562BC27B4BF053C5F504139EA0D77AB8DF6DA544E300
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: J_nid2ln$BuildR_descriptionR_get_auth_nidR_get_bitsR_get_cipher_nidR_get_digest_nidR_get_idR_get_kx_nidR_get_nameR_get_versionR_is_aeadValuememset
                                                                    • String ID: aead$alg_bits$auth$description$digest$kea$name$protocol$strength_bits$symmetric${sksssssssisisOssssssss}
                                                                    • API String ID: 1339383425-4085912083
                                                                    • Opcode ID: 7a8ad1d802ea9b2182a3134859e6f20e60bb9bc20679da5e2fe8051fa296bb79
                                                                    • Instruction ID: 4deb8c0fdeed6d258efe1a203cfdd836fdf2812dfc678c27ae787c5c21db566c
                                                                    • Opcode Fuzzy Hash: 7a8ad1d802ea9b2182a3134859e6f20e60bb9bc20679da5e2fe8051fa296bb79
                                                                    • Instruction Fuzzy Hash: 08611E35A08B8295EB209B11FC443AA73A4FB887D8F649136DA9E43754DF3CF455C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$DeallocExceptionMatchesUnicode_$BufferBuffer_ConverterEval_Object_ReleaseStringThread_errno$CheckErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                    • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                    • API String ID: 3514852180-3904065072
                                                                    • Opcode ID: b2381b74b1dc3945153ef28b4e873b4a04330bd0857d81ee4c278a31b60d105d
                                                                    • Instruction ID: 8d2bc97a81852032eb2c237f75112006e8348a7ab85c750ee20fe289d110a4fd
                                                                    • Opcode Fuzzy Hash: b2381b74b1dc3945153ef28b4e873b4a04330bd0857d81ee4c278a31b60d105d
                                                                    • Instruction Fuzzy Hash: FA811761B09B0296EB549F65ED44278A3A0AF44BDCF64A439ED1E87B94EF7CF444C380
                                                                    APIs
                                                                      • Part of subcall function 00007FF820433C98: PyWeakref_GetRef.PYTHON313 ref: 00007FF820433CAA
                                                                      • Part of subcall function 00007FF820433C98: _Py_Dealloc.PYTHON313 ref: 00007FF820433CCC
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439ED3
                                                                    • PyBytes_FromStringAndSize.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439F25
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439F4F
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439F95
                                                                    • SSL_get_rbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439FBD
                                                                    • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439FD2
                                                                    • SSL_get_wbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439FDC
                                                                    • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF820439FED
                                                                    • _PyDeadline_Init.PYTHON313 ref: 00007FF82043A009
                                                                    • PyEval_SaveThread.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A01C
                                                                    • SSL_read_ex.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A034
                                                                    • PyEval_RestoreThread.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A068
                                                                    • PyErr_CheckSignals.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A07D
                                                                    • _PyDeadline_Get.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A097
                                                                    • SSL_get_shutdown.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A0E6
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A12E
                                                                    • _PyBytes_Resize.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A141
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A16C
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A19A
                                                                    • PyLong_FromSize_t.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF820439E42), ref: 00007FF82043A1A9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Err_String$Bytes_Deadline_Eval_FromO_ctrlThread$CheckInitL_get_rbioL_get_shutdownL_get_wbioL_read_exLong_ResizeRestoreSaveSignalsSizeSize_tWeakref_
                                                                    • String ID: The read operation timed out$Underlying socket connection gone$maximum length can't fit in a C 'int'$size should not be negative
                                                                    • API String ID: 2728777618-665203206
                                                                    • Opcode ID: af4464d95aed3b66f6aae2d8e1dce72a20609d0411abf31570a10f349f0a986c
                                                                    • Instruction ID: 936782c1a56c5b9a8944bb5cfef70af175e609a1cdbfef90d995605cde8ea1f0
                                                                    • Opcode Fuzzy Hash: af4464d95aed3b66f6aae2d8e1dce72a20609d0411abf31570a10f349f0a986c
                                                                    • Instruction Fuzzy Hash: 68A15932A09A1285EB659F61AC4417D63B0BF84BDCF25A036DE1E57B94DF3DF8528380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Err_State_$ReleaseUnraisableWrite$ArgsCallFunctionObject_$EncodedEnsureFromL_get_ex_dataL_get_servernameLongLong_ObjectOccurredUnicode_Weakref_
                                                                    • String ID: ascii
                                                                    • API String ID: 1648778365-3510295289
                                                                    • Opcode ID: f6a41e253e87496dec174ddb118f5b4effa9612ee0b344b954f37d9a95ef91d2
                                                                    • Instruction ID: 2dba2eb25fdebfe522107ce680275fce42a217a80c12a5b9cee076c98e6f1336
                                                                    • Opcode Fuzzy Hash: f6a41e253e87496dec174ddb118f5b4effa9612ee0b344b954f37d9a95ef91d2
                                                                    • Instruction Fuzzy Hash: 68611A35A09A0386EB59AF25EC1827963A0BF44BDDF25E030DE0E46794DF3DF4558780
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocList_$X509_$AppendTuple$Y_set$E_entry_countE_get_entryY_get_dataY_get_object
                                                                    • String ID:
                                                                    • API String ID: 3918441104-0
                                                                    • Opcode ID: 18e556821791e24438482e07583c963420eb9d61cb1dfaa518ba4c3e09edcc6c
                                                                    • Instruction ID: 8e7676545f260c07121ae1a436e8dc991b97dc72e4aa8ff03180b0e5b4ddd92a
                                                                    • Opcode Fuzzy Hash: 18e556821791e24438482e07583c963420eb9d61cb1dfaa518ba4c3e09edcc6c
                                                                    • Instruction Fuzzy Hash: 8C614031A0960382EB196F25AD1437962E1BF85BEDFA8E034DE1E46794EF3DB451C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: R_clear_errorR_peek_last_error$E_add_certErr_M_read_bio_O_ctrlO_freeO_new_mem_bufStringX509X509_X509_bioX509_freeX_get_cert_storeX_get_default_passwd_cbX_get_default_passwd_cb_userdatad2i_
                                                                    • String ID: Can't allocate buffer$Certificate data is too long.$Empty certificate data$no start line: cadata does not contain a certificate$not enough data: cadata does not contain a certificate
                                                                    • API String ID: 2827233063-3246380861
                                                                    • Opcode ID: 5f1b75ad60cc3897d371f7a3953397cc4f6addcaf9e2d3c324dc3eff40318de0
                                                                    • Instruction ID: f5ccb765ff08c64b86a634096940cd925909a38250e8ec395878965c51add156
                                                                    • Opcode Fuzzy Hash: 5f1b75ad60cc3897d371f7a3953397cc4f6addcaf9e2d3c324dc3eff40318de0
                                                                    • Instruction Fuzzy Hash: EB517221A08A0383FB609B16BC4027A62A1BFC5BDCFB4A131ED5E477A4DF3CF4558640
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CertificateCertificatesCloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                    • String ID:
                                                                    • API String ID: 3212101135-0
                                                                    • Opcode ID: fd7e4a7a430e280652f4ba3013a31e28f4005d4e83d55ef0599d5ef43952ab78
                                                                    • Instruction ID: cec19d44a7062e1fc954d21415cb66244e8c708553f9b13d67e26837763d1575
                                                                    • Opcode Fuzzy Hash: fd7e4a7a430e280652f4ba3013a31e28f4005d4e83d55ef0599d5ef43952ab78
                                                                    • Instruction Fuzzy Hash: E9813A35E09A0285EA597F25AE1423A62B0BF44BDDF68E431DE1E06794DF3DB465C3C0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Deadline_Err_Eval_O_ctrlThread$CheckFromInitL_get_rbioL_get_wbioL_write_exLong_R_clear_errorR_peek_last_errorRestoreSaveSignalsSize_tStringWeakref_
                                                                    • String ID: The write operation timed out$Underlying socket connection gone$Underlying socket has been closed.$Underlying socket too large for select().$k
                                                                    • API String ID: 438463835-3030461986
                                                                    • Opcode ID: 5b9b43cc196f0ad448d61836ceee14e9cb617b5b99feebafab0537816dd72851
                                                                    • Instruction ID: c1ef83f289d5babac8b190603829c46c0691cb3bd0ee3163bbb9376f6f226786
                                                                    • Opcode Fuzzy Hash: 5b9b43cc196f0ad448d61836ceee14e9cb617b5b99feebafab0537816dd72851
                                                                    • Instruction Fuzzy Hash: F0715E62A48A4286EB649F21AC4027963A0FF89BDCF25E432DE4E57754DF3CF455C381
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                     • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                     • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                     • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                     • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_Bool_CheckFromLongPositional
                                                                    • String ID: Buffer must be single dimension$compare_digest$comparing strings with non-ASCII characters is not supported$unsupported operand types(s) or combination of types: '%.100s' and '%.100s'
                                                                    • API String ID: 2366872897-2538118963
                                                                    • Opcode ID: aba1f7163b7003b8da3d151af26215349a2f73fd84e6f034d3ef5b60eca24cf3
                                                                    • Instruction ID: 5dfba15de634df5f3334375451dd356945ab0dc3e66cd47f2f32e467cd870e7b
                                                                    • Opcode Fuzzy Hash: aba1f7163b7003b8da3d151af26215349a2f73fd84e6f034d3ef5b60eca24cf3
                                                                    • Instruction Fuzzy Hash: 45517F61A18A4692EB218B25EA543FE2360FF44BC5F544036DE4EC76B8DFACF448E740
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Deadline_Eval_O_ctrlThread$Err_InitL_get_rbioL_get_wbioL_set_read_aheadL_shutdownRestoreSaveStringWeakref_
                                                                    • String ID: The read operation timed out$The write operation timed out$Underlying socket connection gone$Underlying socket too large for select().$}
                                                                    • API String ID: 3315248981-3002038434
                                                                    • Opcode ID: 68dd04aa56103d64c9e2216fb32348294d9688bdca7f07c3ab9c19175540b1d9
                                                                    • Instruction ID: 61c8a7b38e757205613c63708f8563517a767677f22d099c94bbd1970a7c6a57
                                                                    • Opcode Fuzzy Hash: 68dd04aa56103d64c9e2216fb32348294d9688bdca7f07c3ab9c19175540b1d9
                                                                    • Instruction Fuzzy Hash: 60717E22A48A4286EB649F11ED842797360FF85BD8F24A136DE4E47791DF3CF4A5C380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Bytes_DeallocDecodeDefaultFromStringUnicode_$BuildValueX509_get_default_cert_dirX509_get_default_cert_dir_envX509_get_default_cert_fileX509_get_default_cert_file_env
                                                                    • String ID: NNNN
                                                                    • API String ID: 4174375237-3742719684
                                                                    • Opcode ID: 61e1789f3b203db7d7e41f0786ed0491e25cc910528ad2620d5dd70991402879
                                                                    • Instruction ID: 31a544ff8b567bfce4e79bdb1c8ae7f81e2608ae72fcc70499304ba2b074db4b
                                                                    • Opcode Fuzzy Hash: 61e1789f3b203db7d7e41f0786ed0491e25cc910528ad2620d5dd70991402879
                                                                    • Instruction Fuzzy Hash: 4151D735A09B439AFA55AF16AD1433862B0AF55BECF28E430DE0E46755EE3CF44187C0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Module_State
                                                                    • String ID:
                                                                    • API String ID: 3434497292-0
                                                                    • Opcode ID: 88564596b623386193526dea9023128f7cdc5e13e45d4ec1376533f15e7861e0
                                                                    • Instruction ID: 38b8c3d1354b02a1074f2f569846b581c1b4358ebd6901816ce5eb5b1e70af8d
                                                                    • Opcode Fuzzy Hash: 88564596b623386193526dea9023128f7cdc5e13e45d4ec1376533f15e7861e0
                                                                    • Instruction Fuzzy Hash: 6691E63290EA42C9EA5AAF789E5413833A4BF85FDDB34E430CA4E45795CF2EB455C390
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                    • String ID:
                                                                    • API String ID: 2193414262-0
                                                                    • Opcode ID: 9ccfe93abae22ceafca97dc4a825ea1a9411595eca3ac865b6f4b5cdc57b3ae0
                                                                    • Instruction ID: 2d0e696f8a3b3a452dbb41de9b4566e5f4393278827dc6e38d717f057e605c66
                                                                    • Opcode Fuzzy Hash: 9ccfe93abae22ceafca97dc4a825ea1a9411595eca3ac865b6f4b5cdc57b3ae0
                                                                    • Instruction Fuzzy Hash: 72513D36E0961285EA597F25AD1833C22B5AF48BD9F78E030DE1E46795DE3CB411C3C0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Deadline_Err_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                    • String ID: Underlying socket connection gone$_ssl.c:1001: The handshake operation timed out$_ssl.c:1005: Underlying socket has been closed.$_ssl.c:1009: Underlying socket too large for select().
                                                                    • API String ID: 288340648-2351158186
                                                                    • Opcode ID: 03e148cdac6e7ffd0250c070522be7fbd001ecd5a288fcfc1b56ca63ce226a2d
                                                                    • Instruction ID: 012467579f643913f57b8eca645dd2124166a8eb9175026cfba8134309b0c46a
                                                                    • Opcode Fuzzy Hash: 03e148cdac6e7ffd0250c070522be7fbd001ecd5a288fcfc1b56ca63ce226a2d
                                                                    • Instruction Fuzzy Hash: C9615F36A18A4286EB649F22AC8517963A0FF85BD8F24A431DE4E47794DF3CF841C380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                     • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                     • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocErr_State_$Releasememcpy$Arg_ArgsCallClearDecodeEnsureFunctionL_get_ex_dataObject_OccurredParseTupleUnicode_UnraisableWrite
                                                                    • String ID: strict$z#y#
                                                                    • API String ID: 311804506-2662034392
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: `anonymous namespace'
                                                                    • API String ID: 2943138195-3062148218
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_String$Eval_Thread$Bytes_D_freeD_get_sizeD_up_refDeallocFromLongLong_Module_OccurredPy_hashtable_getRestoreSaveSizeState
                                                                    • String ID: iteration value must be greater than 0.$key length must be greater than 0.$password is too long.$salt is too long.
                                                                    • API String ID: 1537479992-530160643
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$L_sk_numL_sk_pop_freeList_X509X509_$AppendErr_L_sk_valueStringT_get0_T_get_typeX509_check_caX_get_cert_storei2d_
                                                                    • String ID: failed to query cert store
                                                                    • API String ID: 188430245-2018196157
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Eval_Thread$O_ctrlRestoreSaveX_set_keylog_callback$DeallocErr_O_free_allO_new_fpO_putsPy_fopen_objString
                                                                    • String ID: # TLS secrets log file, generated by OpenSSL / Python$Can't malloc memory for keylog file
                                                                    • API String ID: 2661017659-2802485923
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocList_$L_sk_numS_free$Size$AppendFromJ_obj2nidL_sk_valueStringTupleUnicode_X509_get_ext_d2i
                                                                    • String ID:
                                                                    • API String ID: 230305477-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: BufferBuffer_DigestErr_Eval_Mutex_Object_ReleaseStringThreadUpdate$CheckLockRestoreSaveUnlock
                                                                    • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                    • API String ID: 3533770719-2943709887
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocErr_State_$Release$ArgsBytes_CallClearDecodeEnsureFunctionL_get_ex_dataObject_OccurredSizeStringUnicode_UnraisableWritememcpy
                                                                    • String ID: strict
                                                                    • API String ID: 2715601981-2947452218
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_sk_numX509_$BuildE_lockErr_L_sk_pop_freeL_sk_valueStringT_get_typeValueX_get_cert_store
                                                                    • String ID: crl$failed to query cert store$x509$x509_ca${sisisi}
                                                                    • API String ID: 2783361091-466295505
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: O_free$Err_String$DecodeM_write_bio_ModuleO_ctrlO_newO_s_memR_clear_errorR_peek_last_errorStateType_Unicode_X509_X509_bioi2d_
                                                                    • String ID: Unsupported format$error$failed to allocate BIO$i
                                                                    • API String ID: 629801032-3389475273
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_$BuildFromOpenValue$L_versionL_version_numLongLong_StringUnicode_Unsigned
                                                                    • String ID: IIIII$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$_OPENSSL_API_VERSION
                                                                    • API String ID: 2199365590-595941748
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: R_clear_error$Err_FromR_peek_last_errorWindows
                                                                    • String ID: A failure in the SSL library occurred$EOF occurred in violation of protocol$Invalid error code$TLS/SSL connection has been closed (EOF)$The operation did not complete (X509 lookup)$The operation did not complete (connect)$The operation did not complete (read)$The operation did not complete (write)
                                                                    • API String ID: 3217158973-1267225647
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_BufferBuffer_Object_Release$ArgumentErr_KeywordsLongLong_OccurredSizeUnicode_Unpack
                                                                    • String ID: argument 'hash_name'$embedded null character$pbkdf2_hmac$str
                                                                    APIs
                                                                    • a2i_IPADDRESS.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AC71
                                                                    • ERR_clear_error.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AC7F
                                                                    • PyUnicode_Decode.PYTHON313(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AC99
                                                                    • SSL_ctrl.LIBSSL-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043ACBE
                                                                    • SSL_get0_param.LIBSSL-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043ACF5
                                                                    • X509_VERIFY_PARAM_set1_host.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD16
                                                                    • ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD2D
                                                                    • ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD39
                                                                    • X509_VERIFY_PARAM_set1_ip.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD48
                                                                    • ASN1_OCTET_STRING_free.LIBCRYPTO-3(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD78
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,?,00007FF82043C50B,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043AD91
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: X509_$DecodeErr_G_freeG_get0_dataG_lengthL_ctrlL_get0_paramM_set1_hostM_set1_ipR_clear_errorStringUnicode_a2i_
                                                                    • String ID: ascii$server_hostname cannot be an empty string or start with a leading dot.$strict
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_$DeallocDict_String$AttrDictFromItemObject_Proxy_StateUnicode_strncmp
                                                                    • String ID: _constructors$openssl_
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_Eval_State_Thread_errno$EnsureErrnoExceptionFilenameFromL_get_ex_dataO_ctrlO_printfObjectRaisedReleaseRestoreSaveThread_acquire_lockThread_release_lockWith
                                                                    • String ID: %s
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: NameName::$Name::operator+atolswprintf_s
                                                                    • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: BufferBuffer_Err_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSave
                                                                    • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: String$Bytes_DeallocErr_M_read_bio_Module_O_ctrlO_freeO_newO_s_fileStateX509X509_free
                                                                    • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$Format$R_clear_errorR_func_error_stringR_lib_error_stringR_peek_last_errorR_reason_error_stringString
                                                                    • String ID: [%s: %s] %s$[%s] %s$no reason supplied
                                                                    APIs
                                                                    • X509_get_ext_d2i.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF8204357D7
                                                                    • PyList_New.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF8204357F3
                                                                    • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF82043580B
                                                                    • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF82043581F
                                                                    • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF820435837
                                                                    • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF820435847
                                                                    • PyUnicode_FromStringAndSize.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF82043585D
                                                                    • PyList_Append.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF820435871
                                                                    • _Py_Dealloc.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF820435887
                                                                    • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF820435898
                                                                    • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF8204358A9
                                                                    • PyList_AsTuple.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF8204358C1
                                                                    • _Py_Dealloc.PYTHON313(?,?,00000000,00007FF8204355C8), ref: 00007FF8204358E1
                                                                    • CRL_DIST_POINTS_free.LIBCRYPTO-3(?,?,00000000,00007FF8204355C8), ref: 00007FF8204358EA
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_sk_num$List_$DeallocL_sk_value$AppendFromS_freeSizeStringTupleUnicode_X509_get_ext_d2i
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_String$Module_State
                                                                    • String ID: Missing required parameter 'digestmod'.$key is too long.
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: String$Bytes_D_bytesErr_FromSize
                                                                    • String ID: (ks)$num must be positive
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID:
                                                                    • API String ID: 2943138195-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Mem_$CertEnhancedFreeSet_Usage$DeallocErr_ErrorFromFrozenLastMallocMemoryStringUnicode_
                                                                    • String ID:
                                                                    • API String ID: 2458427691-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Mem_$Free$X_free$Err_Memory$DigestFinalMallocPy_strhexX_copyX_new
                                                                    • String ID:
                                                                    • API String ID: 422439089-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeallocState_$CallEnsureErr_ExceptionFunctionL_get_ex_dataObject_RaisedReleaseWeakref_
                                                                    • String ID: Osiiiy#$read$write
                                                                    • API String ID: 2599993526-708132800
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Err_$Arg_FormatParseStringWarnX_ctrl
                                                                    • String ID: The context's protocol doesn't support modification of highest and lowest version.$Unsupported TLS/SSL version 0x%x$Unsupported protocol version 0x%x$ssl.TLSVersion.SSLv3 is deprecated$ssl.TLSVersion.TLSv1 is deprecated$ssl.TLSVersion.TLSv1_1 is deprecated
                                                                    • API String ID: 3279334173-3879554506
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
                                                                    • String ID: password cannot be longer than %d bytes$unable to allocate password buffer
                                                                    • API String ID: 1570515377-2395793021
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Eval_H_freeThread_errno$Err_ErrnoFilenameFromHparamsM_read_ObjectPy_fopen_objR_clear_errorRestoreSaveWithX_ctrlfclose
                                                                    • String ID:
                                                                    • API String ID: 1346594628-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 4223619315-393685449
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                    • String ID: Needs to remove its temporary files.
                                                                    • API String ID: 3975851968-2863640275
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeallocEval_Thread$Err_FormatSave$ArgsCallObject_RestoreStringUnicode_memcpy
                                                                    • String ID: password callback must return a string$password cannot be longer than %d bytes
                                                                    • API String ID: 1551476282-1265974473
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                    • String ID: No cipher can be selected.$argument$embedded null character$set_ciphers$str
                                                                    • API String ID: 4155279725-2765033273
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID:
                                                                    • API String ID: 2943138195-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Module_$FromModuleSpecTypeType_$State
                                                                    • String ID:
                                                                    • API String ID: 1138651315-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                    • API String ID: 0-3207858774
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                    • API String ID: 2943138195-1464470183
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                    • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                    • API String ID: 3371007025-2001486153
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Buffer_$Arg_BufferCheckDoubleErr_FillFloat_InfoObject_OccurredPositionalReleaseSizeUnicode_memset
                                                                    • String ID: RAND_add
                                                                    • API String ID: 3826167373-2571728267
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentErr_KeywordsL_get_finishedL_session_reusedSizeStringUnicode_Unpackstrcmp
                                                                    • String ID: argument 'cb_type'$embedded null character$get_channel_binding$str$tls-unique
                                                                    • API String ID: 2734880604-851902044
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocErr_StringX_callback_ctrl
                                                                    • String ID: not a callable object$sni_callback cannot be set on TLS_CLIENT context
                                                                    • API String ID: 3136334877-1539510184
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FromInternStringUnicode_$Module_State
                                                                    • String ID: library$reason$verify_code$verify_message
                                                                    • API String ID: 1970222510-435783180
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                    • String ID:
                                                                    • API String ID: 190073905-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Mutex_$Bytes_D_get_sizeDigestErr_FinalFromLockMemorySizeStringUnlockX_copyX_freeX_get0_mdX_new
                                                                    • String ID:
                                                                    • API String ID: 4168299438-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocX_free$Bytes_DigestErr_FinalFromMemorySizeStringX_copyX_new
                                                                    • String ID:
                                                                    • API String ID: 3259613670-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Object_$L_freeL_get_shutdownL_set_shutdownTrack
                                                                    • String ID:
                                                                    • API String ID: 2685312528-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 211107550-393685449
                                                                    • Opcode ID: 579c448420c1f2a36cb32246af93653fbc5f1fd4bf1dbfa0e8ef84cdd48a3a2d
                                                                    • Instruction ID: 085cc2b121e16782de74e0307e3d4c7c7c05e4d537bb79401cc509f9c304fcf8
                                                                    • Opcode Fuzzy Hash: 579c448420c1f2a36cb32246af93653fbc5f1fd4bf1dbfa0e8ef84cdd48a3a2d
                                                                    • Instruction Fuzzy Hash: 29E1C072909B829AE720DF34D4823ED7BA0FB45798F144236DA8D676B6CF38E481D740
                                                                    APIs
                                                                    • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF702BC3101), ref: 00007FF702BC7D44
                                                                    • GetCurrentProcessId.KERNEL32(?,00007FF702BC3101), ref: 00007FF702BC7D4A
                                                                    • CreateDirectoryW.KERNEL32(?,00007FF702BC3101), ref: 00007FF702BC7D8C
                                                                      • Part of subcall function 00007FF702BC7E70: GetEnvironmentVariableW.KERNEL32(00007FF702BC2C4F), ref: 00007FF702BC7EA7
                                                                      • Part of subcall function 00007FF702BC7E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF702BC7EC9
                                                                      • Part of subcall function 00007FF702BD9174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF702BD918D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                    • API String ID: 365913792-1339014028
                                                                    • Opcode ID: ffb589f732eab392f51c917e2ec5332ba92e64a2874c8252f98761f4106046c7
                                                                    • Instruction ID: ed4af14a9f2a48c0e4d1094f088c2bc4eefdf5a1c49b545f5dd2aa417dfcaee7
                                                                    • Opcode Fuzzy Hash: ffb589f732eab392f51c917e2ec5332ba92e64a2874c8252f98761f4106046c7
                                                                    • Instruction Fuzzy Hash: C0419D63A1968351EA20FB259C552F9EA59AF857C4FE00031EA0D477E6FFBCE501D720
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                    • API String ID: 2943138195-2239912363
                                                                    • Opcode ID: b834bdc2b4e624d8bfe4a0aa6ffd56aa1f04fb76a255bf56b0e6c1b80a1fdf25
                                                                    • Instruction ID: 72f1848ff42451cb6a748a664e19adc918a18bff1e7fc96157e6e9e6b6cdc7b2
                                                                    • Opcode Fuzzy Hash: b834bdc2b4e624d8bfe4a0aa6ffd56aa1f04fb76a255bf56b0e6c1b80a1fdf25
                                                                    • Instruction Fuzzy Hash: 13512A62E1AF92A8FB11CB61E8422BC77F0BB08784F444135DA4D67BA5DF7CA184E750
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                    • String ID: argument 'identity_hint'$embedded null character$set_psk_server_callback$str or None
                                                                    • API String ID: 2966986319-155000023
                                                                    • Opcode ID: 82afd162ce02ff478ee8e90ecff475f915f7789587951e81031454d7f6a747cd
                                                                    • Instruction ID: 6fc9b07ee5bc6b181bc74fd16636d44f36973b91b642d956d7861f848d60b651
                                                                    • Opcode Fuzzy Hash: 82afd162ce02ff478ee8e90ecff475f915f7789587951e81031454d7f6a747cd
                                                                    • Instruction Fuzzy Hash: C231A121B08B4295EA55CF02EC406A9A361FB44BD8FA4D136EE4D07794DF3DF845C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_fetch$D_up_refModule_Py_hashtable_getState
                                                                    • String ID: -fips$unsupported hash type %s
                                                                    • API String ID: 1568902971-2522765902
                                                                    • Opcode ID: 091ad32529631833f38748f3eb12729357601f0f9eea4640d6531ccc550d32f1
                                                                    • Instruction ID: ee04376bfa95fa5cfd776d0d3905765d004d5f83e57ed9ea407d87ebbdc874dd
                                                                    • Opcode Fuzzy Hash: 091ad32529631833f38748f3eb12729357601f0f9eea4640d6531ccc550d32f1
                                                                    • Instruction Fuzzy Hash: 28317125A1C78381EEB68B2996911FD62B0EF49FC0F180535DE8D87774EFADF441A600
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$Eval_FormatStringThread$Bytes_D_freeFromModule_OccurredR_peek_last_errorRestoreSaveSizeState
                                                                    • String ID: key is too long.$msg is too long.
                                                                    • API String ID: 915225383-4266787399
                                                                    • Opcode ID: 4edba86753bbf53e9ed72b284593eff54ee3166e4bb40e5b3186a5f1b6549472
                                                                    • Instruction ID: c8cbaaef7d0921e11641ec3bccbcb39293282fd4f4f8904d7b51a5b50c381d98
                                                                    • Opcode Fuzzy Hash: 4edba86753bbf53e9ed72b284593eff54ee3166e4bb40e5b3186a5f1b6549472
                                                                    • Instruction Fuzzy Hash: 78314D22A1CBC692EA11CB11E6403BE6360FB89BC4F144235DD9D83B68DFBCE0499700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Callable_CheckDeallocErr_R_clear_errorR_peek_last_errorStringX_set_psk_server_callbackX_use_psk_identity_hint
                                                                    • String ID: Cannot add PSK server callback to a PROTOCOL_TLS_CLIENT context$callback must be callable$failed to set identity hint
                                                                    • API String ID: 2313049127-1396254157
                                                                    • Opcode ID: 4af925c9effc369753a41d79fb87758ec56342b0554d05cf6e7c87d0f0fe7d70
                                                                    • Instruction ID: 8e223f9828ecbd89cb10c16cdfc1d9524835c4548c37e42eeaf605e2d74a820e
                                                                    • Opcode Fuzzy Hash: 4af925c9effc369753a41d79fb87758ec56342b0554d05cf6e7c87d0f0fe7d70
                                                                    • Instruction Fuzzy Hash: 8131D476A08A0386FF549B26ED9813963A0FB44BD8B64A431DE0E57764CF3CF855C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_Long$Arg_Long_OccurredParseUnsignedWarnX_clear_optionsX_get_optionsX_set_options
                                                                    • String ID: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
                                                                    • API String ID: 2438043060-2795599882
                                                                    • Opcode ID: 54663514ff7368588ab3efa62f9a4f652d442fb975388dbf5736b95302166b23
                                                                    • Instruction ID: c0b1e6b5a997de8e49f54229d834cecb9a95a0d561d66ebb73217bd167b3181d
                                                                    • Opcode Fuzzy Hash: 54663514ff7368588ab3efa62f9a4f652d442fb975388dbf5736b95302166b23
                                                                    • Instruction Fuzzy Hash: C6213E65B18B0285EA109B26FD44279A365FF44FE8F34A635DA2E47B90DF2CF4508380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                    • String ID: argument 'store_name'$embedded null character$enum_crls$str
                                                                    • API String ID: 2966986319-2641223161
                                                                    • Opcode ID: ed10cfc176925f9f66275f52996dd4eb321cb034b8b8d1c46f3774b663b84222
                                                                    • Instruction ID: 3663afe625ee1070f2168878749e8b7c882e645cf4fcb0a639ea57f38a30c204
                                                                    • Opcode Fuzzy Hash: ed10cfc176925f9f66275f52996dd4eb321cb034b8b8d1c46f3774b663b84222
                                                                    • Instruction Fuzzy Hash: 81217A61A08B0685EE509B15EC5437A63B0BF48BD8F64E636EA5D473A4EF3CF845C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_ParseTuple$Buffer_Err_ReleaseStringmemset
                                                                    • String ID: _ssl._SSLSocket.read requires 1 to 2 arguments$n:read$nw*:read
                                                                    • API String ID: 302419003-3684439920
                                                                    • Opcode ID: a80f1b82456e6dcf45685c9e42c1a81a0ad9d1c5563ad5bac844d0f45032ef2f
                                                                    • Instruction ID: 19f86e65f39fdc81faa5436647d4059a8ac81a415939839e82778cbfa7425869
                                                                    • Opcode Fuzzy Hash: a80f1b82456e6dcf45685c9e42c1a81a0ad9d1c5563ad5bac844d0f45032ef2f
                                                                    • Instruction Fuzzy Hash: E6215372B08A8691EB24DF16EC452A96361FB84BC8F64D131DE4D43B64DE3CF945C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                    • String ID: argument 'store_name'$embedded null character$enum_certificates$str
                                                                    • API String ID: 2966986319-2881692381
                                                                    • Opcode ID: 6881ad249ed6062f329288f951a75b3ea7dbb10b5e04dc12cee2fd5bd98dfca4
                                                                    • Instruction ID: 15056ca2e66e286002039db580e42b428c259876ee214ae7fd6adddde112a2ce
                                                                    • Opcode Fuzzy Hash: 6881ad249ed6062f329288f951a75b3ea7dbb10b5e04dc12cee2fd5bd98dfca4
                                                                    • Instruction Fuzzy Hash: F5219062A88B0285EE50CF15EC8167463A1FF44BD8F64A636D91E077A4EF3CF454C780
                                                                    APIs
                                                                    • SSL_is_init_finished.LIBSSL-3(?,?,00000000,00007FF820439B7E), ref: 00007FF820439BB8
                                                                    • PyErr_SetString.PYTHON313(?,?,00000000,00007FF820439B7E), ref: 00007FF820439BD3
                                                                    • SSL_get1_peer_certificate.LIBSSL-3(?,?,00000000,00007FF820439B7E), ref: 00007FF820439BE1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_L_get1_peer_certificateL_is_init_finishedString
                                                                    • String ID: handshake not done yet
                                                                    • API String ID: 1333720006-2620869922
                                                                    • Opcode ID: b78707c1e3249f7728768dfe6b218366eb087c2cfefbb2b07a5fd2579b6cca82
                                                                    • Instruction ID: 05a7e90211307c30388a0b170b7ea4ca70a00f1ce3bce256ca9f3133eaa39995
                                                                    • Opcode Fuzzy Hash: b78707c1e3249f7728768dfe6b218366eb087c2cfefbb2b07a5fd2579b6cca82
                                                                    • Instruction Fuzzy Hash: 30110A21B08A4691EA149B16FD5403863A0FF98FC8F74A131EE5E87764DF2CF8928380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Bytes_Err_FormatFromL_get_finishedL_get_peer_finishedL_session_reusedSizeStringstrcmp
                                                                    • String ID: '%s' channel binding type not implemented$tls-unique
                                                                    • API String ID: 797867279-2744131590
                                                                    • Opcode ID: 8f5e8eac69a0dceb36e98fa8ff1ec31b156d9231d139036c2329a35023d80c84
                                                                    • Instruction ID: 371a933cc51ffbd8e274479dfd426b438abf1176478094ce576efce3e08abc8e
                                                                    • Opcode Fuzzy Hash: 8f5e8eac69a0dceb36e98fa8ff1ec31b156d9231d139036c2329a35023d80c84
                                                                    • Instruction Fuzzy Hash: C5111F61B0CA4291EB209B16FC9437A63A1FF88BC8F65E035D94D47755DF2CF9548780
                                                                    APIs
                                                                    • PyErr_Format.PYTHON313(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A3A
                                                                    • PyType_GetModule.PYTHON313(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A52
                                                                    • PyModule_GetState.PYTHON313(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A60
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A71
                                                                    • BIO_write.LIBCRYPTO-3(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A84
                                                                    • PyType_GetModuleState.PYTHON313(?,?,?,?,?,00007FF8204369A5), ref: 00007FF820436A92
                                                                      • Part of subcall function 00007FF8204363A4: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8204363BC
                                                                      • Part of subcall function 00007FF8204363A4: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8204363E5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_ModuleStateType_$FormatModule_O_writeR_clear_errorR_peek_last_errorString
                                                                    • String ID: cannot write() after write_eof()$string longer than %d bytes
                                                                    • API String ID: 11717643-118187971
                                                                    • Opcode ID: 97544d1a887801279ecde4544b2ed5a48d2405b61ea48232cd2bc52ab97f5c5a
                                                                    • Instruction ID: 8866cbeb202ff5d975400d6fa8737d407a3bae0da879e2db26309b2bfbd5a083
                                                                    • Opcode Fuzzy Hash: 97544d1a887801279ecde4544b2ed5a48d2405b61ea48232cd2bc52ab97f5c5a
                                                                    • Instruction Fuzzy Hash: BD113665A18A0782EB14AB25EC6413863B0FF85BC8B30E435D91E4B7A1DF3CF496D780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_Mem_$FormatFreeMallocMemory
                                                                    • String ID: protocols longer than %u bytes
                                                                    • API String ID: 2903777688-895981740
                                                                    • Opcode ID: b5c632a55548e41e9a7ff3e8c6070ffb14e759653cda1e82b0bb5de023a8a426
                                                                    • Instruction ID: d6516944c1eaa322c9db5d207a4221138725521092a6330203af749f89cabdfe
                                                                    • Opcode Fuzzy Hash: b5c632a55548e41e9a7ff3e8c6070ffb14e759653cda1e82b0bb5de023a8a426
                                                                    • Instruction Fuzzy Hash: F911A4A5A18B4292EB149F26FD540282370FF49FD8B20E535EA5E47764DF28F4A5C780
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_sk_num$DeallocFromL_get_ciphersL_get_client_ciphersL_sk_findL_sk_valueList_LongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                    • String ID:
                                                                    • API String ID: 1361062010-0
                                                                    • Opcode ID: 5a15b7796d02dc5b8448ba3f9956d60a83801eaf485bf9e6f806abc0b0ec7a42
                                                                    • Instruction ID: 108d8ff6c74f1571e4c43bc59f04c8a9d4e3e706d26064472945234c91d5bc87
                                                                    • Opcode Fuzzy Hash: 5a15b7796d02dc5b8448ba3f9956d60a83801eaf485bf9e6f806abc0b0ec7a42
                                                                    • Instruction Fuzzy Hash: 76218121A49B0281EA15EF22BD1823973A0BF94FE9F24A435DD1E46394EE7CF465C3C0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                    • String ID:
                                                                    • API String ID: 722909353-0
                                                                    • Opcode ID: ae8553dde1559f200526a8917cd30f1bd1ca0d35da87f2fe042bfb9911579d95
                                                                    • Instruction ID: 28c079821ddb2347c6b071827c7d16180d4577974a6912d38da8eeb4b7c866ae
                                                                    • Opcode Fuzzy Hash: ae8553dde1559f200526a8917cd30f1bd1ca0d35da87f2fe042bfb9911579d95
                                                                    • Instruction Fuzzy Hash: E2215E21A0964285EA19AB66AC585396391FF84BD9F24D434DE4E43795DF3CF056C380
                                                                    APIs
                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB5729
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB5737
                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB5750
                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB5762
                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB57D0
                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF833AB5863,?,?,00000000,00007FF833AB5694,?,?,?,?,00007FF833AB53D1), ref: 00007FF833AB57DC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                    • String ID: api-ms-
                                                                    • API String ID: 916704608-2084034818
                                                                    • Opcode ID: e684dc1ea15019c11da8b5489464cae19cb3925c8f7c5ac0dd2cd0c8e7a31cf1
                                                                    • Instruction ID: 2d89120338b9a1c3937a55017afca5701f60e8a2edbd7fa8123be1f27f44a139
                                                                    • Opcode Fuzzy Hash: e684dc1ea15019c11da8b5489464cae19cb3925c8f7c5ac0dd2cd0c8e7a31cf1
                                                                    • Instruction Fuzzy Hash: 5D31E721B1BF41E6EE16DB12A8121B563A4BF05BE0F590934DD2E673A0EF3CE481E700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                    • String ID: _SSLContext
                                                                    • API String ID: 3264916389-1468230856
                                                                    • Opcode ID: 067f2f6d6139735af1b86b1865dc6673f5c9f8d8efb8836c6812e5e14ff02bb3
                                                                    • Instruction ID: f1071313c334c3dbe91c43fced21c1b8a85d2350b69bd508db0614544ffccf7b
                                                                    • Opcode Fuzzy Hash: 067f2f6d6139735af1b86b1865dc6673f5c9f8d8efb8836c6812e5e14ff02bb3
                                                                    • Instruction Fuzzy Hash: 0B21A225B09A4681EB50AB12FD4417963A1BF44FD8F68E035DA5D47798DF3CF854C380
                                                                    APIs
                                                                    • PyErr_SetString.PYTHON313(?,?,?,?,00000001,00007FF82043C626,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043A32F
                                                                    • SSL_is_init_finished.LIBSSL-3(?,?,?,?,00000001,00007FF82043C626,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043A36B
                                                                    • SSL_set_session.LIBSSL-3(?,?,?,?,00000001,00007FF82043C626,?,?,00007FF8210681F0,?,?,?,00000000,00007FF820437205), ref: 00007FF82043A386
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_L_is_init_finishedL_set_sessionString
                                                                    • String ID: Cannot set session after handshake.$Cannot set session for server-side SSLSocket.$Session refers to a different SSLContext.$Value is not a SSLSession.
                                                                    • API String ID: 1358302900-3160731334
                                                                    • Opcode ID: 511434399ef1f00db976d4245bbc5f48cb4895ba8e62efbd76f28c0b3dfa65ca
                                                                    • Instruction ID: 4d42f4a05cee32f6edfb5d8f0b5de88fa312b5df6d9a56809a46b6c028b04bf5
                                                                    • Opcode Fuzzy Hash: 511434399ef1f00db976d4245bbc5f48cb4895ba8e62efbd76f28c0b3dfa65ca
                                                                    • Instruction Fuzzy Hash: CA21F961A48A4281EB14CB1AEC8013863A1FB84BDCB64E132DE1D877A4DF38F4A5D780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
                                                                    • String ID: failed to allocate BIO$strict
                                                                    • API String ID: 220268057-2811890329
                                                                    • Opcode ID: c57b88659bf154ec5a0bbf33e8f8d4d90c4658ae4b78aefe1928c1df60efdc5d
                                                                    • Instruction ID: 31df7030f556021bcbe4b8ba80bcaea1994b382685b1503ea3684e1a9c5142dd
                                                                    • Opcode Fuzzy Hash: c57b88659bf154ec5a0bbf33e8f8d4d90c4658ae4b78aefe1928c1df60efdc5d
                                                                    • Instruction Fuzzy Hash: B6112E65B08A5382EB109B26BC14169A3A0FF89FD8F64E031EE4D47B25DF7CF4558780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: BuildErr_FormatFromJ_nid2lnJ_nid2snJ_obj2nidJ_obj2txtSizeStringUnicode_Value
                                                                    • String ID: Unknown object$issN
                                                                    • API String ID: 2277031989-847857892
                                                                    • Opcode ID: 95dd3771fed23c1fe52f9e58c5f8f1a4e331d080bb6505566a73c2253cf61df8
                                                                    • Instruction ID: ab56032a7602ad246288ddd3da81b050cce86dc020ba6a45572db79090ca9b2a
                                                                    • Opcode Fuzzy Hash: 95dd3771fed23c1fe52f9e58c5f8f1a4e331d080bb6505566a73c2253cf61df8
                                                                    • Instruction Fuzzy Hash: 39116D35B08B4281EA009B22FC04069B7A4FB88FC8B699035EE4D87764DF3CF515C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_Module_State$Dict_ErrorFormatItemOccurredUnicode_With
                                                                    • String ID: Unsupported digestmod %R
                                                                    • API String ID: 894184546-2483404930
                                                                    • Opcode ID: b32c407e931632d20676e7299f38be58aa233ca181775c419b420a053304d4e3
                                                                    • Instruction ID: 199296321a5d2ba15f8547367d93ef1d8caf53256448439c2f93b5a329580189
                                                                    • Opcode Fuzzy Hash: b32c407e931632d20676e7299f38be58aa233ca181775c419b420a053304d4e3
                                                                    • Instruction Fuzzy Hash: 2A017164B1968291EF569B56EB843BDA260AF48FC0F184438DD1E87374EFBCF444A300
                                                                    APIs
                                                                    • PyErr_SetString.PYTHON313(?,?,00000000,00007FF82043B651), ref: 00007FF82043B691
                                                                    • OBJ_nid2obj.LIBCRYPTO-3(?,?,00000000,00007FF82043B651), ref: 00007FF82043B69D
                                                                    • PyErr_Format.PYTHON313(?,?,00000000,00007FF82043B651), ref: 00007FF82043B6BF
                                                                    • PyModule_GetState.PYTHON313(?,?,00000000,00007FF82043B651), ref: 00007FF82043B6CA
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF8204322EA
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF8204322FC
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF820432307
                                                                      • Part of subcall function 00007FF8204322C8: Py_BuildValue.PYTHON313(?,?,?,?,?,00007FF8204322A6), ref: 00007FF820432335
                                                                    • ASN1_OBJECT_free.LIBCRYPTO-3(?,?,00000000,00007FF82043B651), ref: 00007FF82043B6E1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$BuildFormatJ_nid2lnJ_nid2objJ_nid2snJ_obj2nidModule_StateStringT_freeValue
                                                                    • String ID: NID must be positive.$unknown NID %i
                                                                    • API String ID: 1079357630-2656559464
                                                                    • Opcode ID: abe72a7ee1454f4d477f0f759598b8ebbd8a985ba590e8df85e0aae4297b49e9
                                                                    • Instruction ID: 516d28509b728de459aa0c4cbfdb346d3543b7338ff52e5587c818f2d0c032a7
                                                                    • Opcode Fuzzy Hash: abe72a7ee1454f4d477f0f759598b8ebbd8a985ba590e8df85e0aae4297b49e9
                                                                    • Instruction Fuzzy Hash: 9D010C24B08A4281EA049B26FD54139A371BF88BD8B64E435EE0E47B65EE2CF4458781
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                    • String ID: failed to allocate BIO
                                                                    • API String ID: 68942223-3472608418
                                                                    • Opcode ID: 2474ccac4c6c792abb4efc7594054718eecbe9b67523543a00c09a9c83f4fb78
                                                                    • Instruction ID: e29d36313b6a3807628a47d1af4ba494a68a853c346daee67bc425438175b656
                                                                    • Opcode Fuzzy Hash: 2474ccac4c6c792abb4efc7594054718eecbe9b67523543a00c09a9c83f4fb78
                                                                    • Instruction Fuzzy Hash: 16010C65A08A0382EB189B22BC5423963A1EF88FDDF65E034DD1E06754EF3CF4548380
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abort$AdjustPointer
                                                                    • String ID:
                                                                    • API String ID: 1501936508-0
                                                                    • Opcode ID: a77e56ffb7347bb9ddddd1c8b20b2eb7c3ebdd653f05e7e8cd9cc1452737c897
                                                                    • Instruction ID: c1edad6ab637c80b1cf41c155c0d63f683b1923f1d92872f751fca4f13900694
                                                                    • Opcode Fuzzy Hash: a77e56ffb7347bb9ddddd1c8b20b2eb7c3ebdd653f05e7e8cd9cc1452737c897
                                                                    • Instruction Fuzzy Hash: 4D51CF32E0FE82A5EE658B45915663867A4EF14FC4F098539CA4F677B5DF2CE441A300
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abort$AdjustPointer
                                                                    • String ID:
                                                                    • API String ID: 1501936508-0
                                                                    • Opcode ID: 4f4cdc7b1f5bc10ab634606701f5204aa77954bebd3c90e9ebba0e05a3be14f8
                                                                    • Instruction ID: 18ff47166010e307c46eed98158dc3e9c3cdd73dd0bfaddde4e5318310ff2b04
                                                                    • Opcode Fuzzy Hash: 4f4cdc7b1f5bc10ab634606701f5204aa77954bebd3c90e9ebba0e05a3be14f8
                                                                    • Instruction Fuzzy Hash: F751D171A0FE42A5EEA68B11944663C27A0EF60FC4F098435CA4F67BB5EF2CE441E310
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_get_sizeDigestErr_FinalMemoryPy_strhexX_copyX_freeX_get0_mdX_new
                                                                    • String ID:
                                                                    • API String ID: 849097643-0
                                                                    • Opcode ID: d513ea03b71b670d74d196db2548aaccefd1c88a3ac57d7d04a9242951ae3963
                                                                    • Instruction ID: 7b26c761a256abc2054086f43b84161964b9e972d94ba8ff381e6c323bd0da1e
                                                                    • Opcode Fuzzy Hash: d513ea03b71b670d74d196db2548aaccefd1c88a3ac57d7d04a9242951ae3963
                                                                    • Instruction Fuzzy Hash: F4319F22E0CA8281EB629B21E6552BD63A0BF98BC9F044035CD4EC77B5DFACF444A340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                    • String ID:
                                                                    • API String ID: 86175192-0
                                                                    • Opcode ID: b5783daa98047028465a055917c68d54bbfecb0acc65b7e9e71c0a2af83566c9
                                                                    • Instruction ID: 8d9d8c3a1d67ab903b375c4d1c74b345880d6c1b205026a193d8ddcb1f798bc9
                                                                    • Opcode Fuzzy Hash: b5783daa98047028465a055917c68d54bbfecb0acc65b7e9e71c0a2af83566c9
                                                                    • Instruction Fuzzy Hash: CD311A32A0AB1187EA59AF65E94017873B0FF44F98B24A434EB1D42B44CF3DB462C7C0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: From$StringUnicode_$DeallocLongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                    • String ID:
                                                                    • API String ID: 4201023408-0
                                                                    • Opcode ID: 694daf49578cdeec539f1b14d37a01f968eb374e816ba3b53c48cb947ac29cd1
                                                                    • Instruction ID: 76302e25384217111c341cd5d6a752187e4bab81689b9c74b6eb2c05c0eb5320
                                                                    • Opcode Fuzzy Hash: 694daf49578cdeec539f1b14d37a01f968eb374e816ba3b53c48cb947ac29cd1
                                                                    • Instruction Fuzzy Hash: 8B217A31A0974286EE69AF55AD6433862A1AF48BD9F25F43CDA4E47794EE3CB450C3C0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileHeader$ExceptionRaise
                                                                    • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                    • API String ID: 3685223789-928371585
                                                                    • Opcode ID: 4f73c46b7be505823b8c23bdf2e01a106e3a134808b8006f3c7a9710838bb3a8
                                                                    • Instruction ID: df6685305ece9265382d2d87595369df92fa0284402dd79f8c8e9f9c036b2e34
                                                                    • Opcode Fuzzy Hash: 4f73c46b7be505823b8c23bdf2e01a106e3a134808b8006f3c7a9710838bb3a8
                                                                    • Instruction Fuzzy Hash: C651F562B1AE46A6EE20DF11E4825B96360FF54BC4F404532EA8E63775EF3CE585E700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: {for
                                                                    • API String ID: 2943138195-864106941
                                                                    • Opcode ID: c8c0eb25e8b680b21b04dbc78bc85cadbb1d2f305e65e2eabc9fe04fafa5b067
                                                                    • Instruction ID: 9916eb0d1f620333c31275748bee96238dc2ef30df057f493303c20d41bd3d5f
                                                                    • Opcode Fuzzy Hash: c8c0eb25e8b680b21b04dbc78bc85cadbb1d2f305e65e2eabc9fe04fafa5b067
                                                                    • Instruction Fuzzy Hash: CF514972A09E85A9FB019F29D4823E877A0FB44788F808135EA4D6BBA5DF7CD554E310
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentKeywordsObject_SubtypeTrueType_Unpack
                                                                    • String ID: _wrap_bio$argument 'incoming'$argument 'outgoing'
                                                                    • API String ID: 2315463680-586963342
                                                                    • Opcode ID: 838a6d105657d4919e830170e037282a562c3bbcea2594e4a4668bc8a4160203
                                                                    • Instruction ID: eddc5e5dc080ca72a9b3c727832a77c5c938f938f89ed9cc0fa9949de60176ca
                                                                    • Opcode Fuzzy Hash: 838a6d105657d4919e830170e037282a562c3bbcea2594e4a4668bc8a4160203
                                                                    • Instruction Fuzzy Hash: D8419162B19B4292EE648B02ED40A6967B4FB48BD8F64A036DE8C47B54DF3CF455C340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
                                                                    • String ID:
                                                                    • API String ID: 2822617359-0
                                                                    • Opcode ID: b4050b67c458743d515a08d1790e83dba62b41b3d98b401c891420ebd7ecae19
                                                                    • Instruction ID: 942ce704a10d3333c9ee8e83eb7cf06495dc2b58f26c58157b6795dad5f3a0d8
                                                                    • Opcode Fuzzy Hash: b4050b67c458743d515a08d1790e83dba62b41b3d98b401c891420ebd7ecae19
                                                                    • Instruction Fuzzy Hash: 2831A131B18A9286F7209B22AD4077A6290AF88FCDF64E430ED0E83795DE3CF4058780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: NameName::atol
                                                                    • String ID: `template-parameter$void
                                                                    • API String ID: 2130343216-4057429177
                                                                    • Opcode ID: 39600c2fadeceed4c6c28385a1cdb72227216fd67de7d66948b2e2ddd060d726
                                                                    • Instruction ID: 5f16775e3520b18e2208e42216e2fc98fdc8fc583977e41962aa6ef3ccb08b3c
                                                                    • Opcode Fuzzy Hash: 39600c2fadeceed4c6c28385a1cdb72227216fd67de7d66948b2e2ddd060d726
                                                                    • Instruction Fuzzy Hash: 9A414922B09F5698FB00CBA5D8522EC2375BB48BC8F540139DE4D6BAA5DF7CA545E340
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                    • API String ID: 2943138195-2211150622
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: char $int $long $short $unsigned
                                                                    • API String ID: 2943138195-3894466517
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_N_get_id$ArgumentCallInternalmemcmp
                                                                    • String ID: D:\a\1\s\Modules\_ssl.c
                                                                    • API String ID: 2709062062-132925792
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Module_Py_hashtable_destroyState
                                                                    • String ID:
                                                                    • API String ID: 3151084188-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                    • String ID:
                                                                    • API String ID: 995526605-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Bytes_O_ctrl_pending$DeallocFromModuleO_readResizeSizeStateStringType_
                                                                    • String ID:
                                                                    • API String ID: 3878297189-0
                                                                    APIs
                                                                    • _Py_Dealloc.PYTHON313(?,?,?,?,?,00007FF820438E8D), ref: 00007FF820438F2A
                                                                    • SSL_CTX_set_psk_client_callback.LIBSSL-3(?,?,?,?,?,00007FF820438E8D), ref: 00007FF820438F49
                                                                      • Part of subcall function 00007FF8204363A4: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8204363BC
                                                                      • Part of subcall function 00007FF8204363A4: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8204363E5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocR_clear_errorR_peek_last_errorX_set_psk_client_callback
                                                                    • String ID: Cannot add PSK client callback to a PROTOCOL_TLS_SERVER context$callback must be callable
                                                                    • API String ID: 2691713179-986965153
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ConverterDeallocErr_FormatJ_sn2nidR_clear_errorR_peek_last_errorUnicode_X_ctrl
                                                                    • String ID: unknown elliptic curve name %R
                                                                    • API String ID: 3792718242-553976147
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: X_set_msg_callback$Callable_CheckDeallocErr_String
                                                                    • String ID: not a callable object
                                                                    • API String ID: 3435843511-3332612890
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: X509_$T_get0_T_set1_X509$T_freeT_get_typeT_new
                                                                    • String ID:
                                                                    • API String ID: 4176268728-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_Err_ParseString
                                                                    • String ID: SSLContext is not a server context.$failed to set num tickets.$value must be non-negative
                                                                    • API String ID: 3035617879-3995814857
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+$NameName::
                                                                    • String ID:
                                                                    • API String ID: 168861036-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                    • String ID:
                                                                    • API String ID: 3741236498-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocInsertL_get1_peer_certificateL_get_peer_cert_chainList_
                                                                    • String ID:
                                                                    • API String ID: 710524685-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: List_$DeallocItemL_sk_numL_sk_valueX509_up_ref
                                                                    • String ID:
                                                                    • API String ID: 2540853196-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Mem_Py_hashtable_set$FreeMallocPy_hashtable_destroyPy_hashtable_new_full
                                                                    • String ID:
                                                                    • API String ID: 3987031744-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 2889003569-2084237596
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                    • API String ID: 2943138195-757766384
                                                                    APIs
                                                                    • __except_validate_context_record.LIBVCRUNTIME ref: 00007FF833AB2DDA
                                                                      • Part of subcall function 00007FF833AB5508: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF833AB108E), ref: 00007FF833AB5516
                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF833AB2F2F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abort$__except_validate_context_record
                                                                    • String ID: $csm$csm
                                                                    • API String ID: 3000080923-1512788406
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 2889003569-2084237596
                                                                    APIs
                                                                    • __except_validate_context_record.LIBVCRUNTIME ref: 00007FF833AB2BB0
                                                                      • Part of subcall function 00007FF833AB5508: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF833AB108E), ref: 00007FF833AB5516
                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF833AB2C7F
                                                                    • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF833AB2C8F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Frameabort$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                    • String ID: csm$csm
                                                                    • API String ID: 1245442199-3733052814
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileHeader
                                                                    • String ID: MOC$RCC$csm$csm
                                                                    • API String ID: 104395404-1441736206
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$ArgumentKeywordsObject_TrueUnpack
                                                                    • String ID: _wrap_socket$argument 'sock'
                                                                    • API String ID: 2318005752-3343203394
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$Err_KeywordsObject_ParseStringTrueUnpack
                                                                    • String ID: name must be a string
                                                                    • API String ID: 3849491949-2047992663
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                    • String ID: MemoryBIO
                                                                    • API String ID: 2980520244-1677681617
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocErr_L_set_L_set_msg_callbackStringSubtypeType_
                                                                    • String ID: The value must be a SSLContext
                                                                    • API String ID: 40619448-677980480
                                                                    APIs
                                                                    • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FF820432280
                                                                    • PyModule_GetState.PYTHON313 ref: 00007FF820432295
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF8204322EA
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF8204322FC
                                                                      • Part of subcall function 00007FF8204322C8: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8204322A6), ref: 00007FF820432307
                                                                      • Part of subcall function 00007FF8204322C8: Py_BuildValue.PYTHON313(?,?,?,?,?,00007FF8204322A6), ref: 00007FF820432335
                                                                    • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FF8204322AC
                                                                    • PyErr_Format.PYTHON313 ref: 00007FF820433B7E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_StateT_freeValue
                                                                    • String ID: unknown object '%.100s'
                                                                    • API String ID: 3313133940-3113687063
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeallocErr_FormatFromModuleO_newO_s_memStateStringType_Unicode_X509_get_subject_name
                                                                    • String ID: <%s '%U'>
                                                                    • API String ID: 652521511-3496504151
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Module_$Err_ExceptionObjectState
                                                                    • String ID: UnsupportedDigestmodError$_hashlib.UnsupportedDigestmodError
                                                                    • API String ID: 2341384915-1819944972
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Similarity
                                                                    • API ID: BufferBuffer_Object_Release$Arg_KeywordsUnpack
                                                                    • String ID:
                                                                    • API String ID: 3242278262-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CertStore$CloseOpen$Collection
                                                                    • String ID:
                                                                    • API String ID: 1995843185-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                    • String ID:
                                                                    • API String ID: 2202598743-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                    • String ID:
                                                                    • API String ID: 2202598743-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: X509_$Arg_M_clear_flagsM_get_flagsM_set_flagsParseX_get0_param
                                                                    • String ID:
                                                                    • API String ID: 1566575135-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeallocObject_$N_freeTrack
                                                                    • String ID:
                                                                    • API String ID: 1683932209-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 2395640692-1018135373
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 2395640692-1018135373
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CallEncodePointerTranslator
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 3544855599-2084237596
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 444109036-1018135373
                                                                    • Opcode ID: 7c62ae0bd6f598e5530dee3ab7a169ccc6f3387c11d68efdd1ef4d3d9c7f7e50
                                                                    • Instruction ID: c822f94ceada98788411e2d6d70792e9d9c13d49dd6b0514965bab61dfb3ee12
                                                                    • Opcode Fuzzy Hash: 7c62ae0bd6f598e5530dee3ab7a169ccc6f3387c11d68efdd1ef4d3d9c7f7e50
                                                                    • Instruction Fuzzy Hash: 2F51903261AB4196E660DF16E04226E7BE4FB89BD1F140635EB8D17BA5CF3CE460DB00
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: NameName::
                                                                    • String ID: %lf
                                                                    • API String ID: 1333004437-2891890143
                                                                    • Opcode ID: 96db185dee724ff1af179d5801cdaf6ae824addfb7b5e3897bc050de27ca576d
                                                                    • Instruction ID: 9140d3389d0a4424d0f31ce5e5ab641ffcb9ca6bf9ce9cd141dac6810db6a6c2
                                                                    • Opcode Fuzzy Hash: 96db185dee724ff1af179d5801cdaf6ae824addfb7b5e3897bc050de27ca576d
                                                                    • Instruction Fuzzy Hash: 3031B621A0DF8695E610DB62A8520BA7760FF467C0F444239E94EA77B1DF2CE502E340
                                                                    APIs
                                                                    • PyUnicode_InternFromString.PYTHON313(?,?,00000000,00007FF82043AF2E), ref: 00007FF82043B7CB
                                                                    • PyUnicode_InternFromString.PYTHON313(?,?,00000000,00007FF82043AF2E), ref: 00007FF82043B7F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FromInternStringUnicode_
                                                                    • String ID: pkcs_7_asn$x509_asn
                                                                    • API String ID: 3337471625-3375957347
                                                                    • Opcode ID: d81b9251c528eeed5b7a281549f0a63a72acec505c3521afa2d4c0188ccf6244
                                                                    • Instruction ID: 0f4725a4802e0b940bbc664437d8cd42c60c20fc6e8f1268d62c72b0a5cb391b
                                                                    • Opcode Fuzzy Hash: d81b9251c528eeed5b7a281549f0a63a72acec505c3521afa2d4c0188ccf6244
                                                                    • Instruction Fuzzy Hash: 6D111234E1AA0786FF59AB19EC5423427A4AF587CCB64E438CA4D46790EE3CB455C3D0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                    • String ID: read
                                                                    • API String ID: 3612027452-2555855207
                                                                    • Opcode ID: 351bbdb59e83938dc246935b5a45354ff38433ea48eb4451013ea056b3545cb7
                                                                    • Instruction ID: f5ba8025920988497321f6bba116168e72272587ae97998cbdfda1c9468174b3
                                                                    • Opcode Fuzzy Hash: 351bbdb59e83938dc246935b5a45354ff38433ea48eb4451013ea056b3545cb7
                                                                    • Instruction Fuzzy Hash: 5701C031B19A5285E754AF26AC4002967A0FF88FD8B28E131DE5D877A5CE3CF841C740
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_md
                                                                    • String ID: <%U %s object @ %p>
                                                                    • API String ID: 943899189-1790359138
                                                                    • Opcode ID: 998d15007a0c1fa81f0979a69a8cbf5cbb11750c47a7124c061dd1ef1bcc3e54
                                                                    • Instruction ID: e85952118b08473c155e26a4b3bd4b1f914ce0edd3212912b34f4bca3084b930
                                                                    • Opcode Fuzzy Hash: 998d15007a0c1fa81f0979a69a8cbf5cbb11750c47a7124c061dd1ef1bcc3e54
                                                                    • Instruction Fuzzy Hash: 66F06221A18682C1EE068B52EA141FDA3A0AF58FC8F084035DE1E877B5DF7CF4549380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_FromLongLong_StringX_get_verify_mode
                                                                    • String ID: invalid return value from SSL_CTX_get_verify_mode
                                                                    • API String ID: 1883932250-2501269723
                                                                    • Opcode ID: 54452aa58227d0e951130206df9a3a8e7c84ae09de65f172d746f678d178be2c
                                                                    • Instruction ID: bfb8f08c53172c822bf2acfb58219e4d3acf8d86f4d396a6dcdfdb5435b0b357
                                                                    • Opcode Fuzzy Hash: 54452aa58227d0e951130206df9a3a8e7c84ae09de65f172d746f678d178be2c
                                                                    • Instruction Fuzzy Hash: 5DF03672A0854281EB588B16EDA40796320EB4CBCCF78A035DE1EC67E4CE6CF895C340
                                                                    APIs
                                                                      • Part of subcall function 00007FF833AB5508: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF833AB108E), ref: 00007FF833AB5516
                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF833AB112E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: abortterminate
                                                                    • String ID: MOC$RCC$csm
                                                                    • API String ID: 661698970-2671469338
                                                                    • Opcode ID: 1e1d061888eb5ed8958d1a3f543fee4a516cb38e8faaed4a66704169c3245728
                                                                    • Instruction ID: 03b2463b5fc04926a0ae110760f350ebc36511ac6968173d19e2728676d4abfe
                                                                    • Opcode Fuzzy Hash: 1e1d061888eb5ed8958d1a3f543fee4a516cb38e8faaed4a66704169c3245728
                                                                    • Instruction Fuzzy Hash: EBF04936919A06A6E7906B61F1820AC37A4FB88BC1F199135D78D27266CF3CE4A0DB01
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                    • String ID: <%U HMAC object @ %p>
                                                                    • API String ID: 454943875-749664232
                                                                    • Opcode ID: dbcd7a9b5ed1b252e4c26a675f66115dc40f302b5ee01448cee8bc7493086a2a
                                                                    • Instruction ID: 7e0d90d7da45244efa0a45d304ca146ed24e627f611a679d25d9dccc9111d15d
                                                                    • Opcode Fuzzy Hash: dbcd7a9b5ed1b252e4c26a675f66115dc40f302b5ee01448cee8bc7493086a2a
                                                                    • Instruction Fuzzy Hash: CAF05E21A0978691EA068B16FB141BD62A5AF58FD4F080030DE1E877B9DEBDF4449300
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DecodeErr_O_ctrlStringUnicode_
                                                                    • String ID: Not a memory BIO
                                                                    • API String ID: 3520065620-587638661
                                                                    • Opcode ID: b345abd18c25ac31ef9b6998ee71dd2d497fbc24df6ed1f3b8aa33085e16c769
                                                                    • Instruction ID: c321be52f5bde01586de7fae3a6f47f6d67f98e4646ce44195032186c8cb67ec
                                                                    • Opcode Fuzzy Hash: b345abd18c25ac31ef9b6998ee71dd2d497fbc24df6ed1f3b8aa33085e16c769
                                                                    • Instruction Fuzzy Hash: C4F03066A2964682EB54DB52FC547B56360FF88BC8F60E031EE4E4A714DF3CF4588780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                    • String ID: hmac-%U
                                                                    • API String ID: 454943875-3757664071
                                                                    • Opcode ID: a10488b4e6696239da1e3ff35af8d86ccd4e6bb811ab275ccbd012928b99e2e5
                                                                    • Instruction ID: 7622c87aeacf7ad240c93765fbcee977785bd6ee88fb01032dd49ba00dda46ba
                                                                    • Opcode Fuzzy Hash: a10488b4e6696239da1e3ff35af8d86ccd4e6bb811ab275ccbd012928b99e2e5
                                                                    • Instruction Fuzzy Hash: 1DF08222A1564281EA164B12EA181BD63A1AF58BD4F581030CD1E873B5EEBCF445D300
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_get_versionL_is_init_finishedstrcmp
                                                                    • String ID: unknown
                                                                    • API String ID: 1061301088-2904991687
                                                                    • Opcode ID: 4a3243a4d93ce2c96a08aa7a289b7b360ebed800837ba84b83a7d02ce0007e22
                                                                    • Instruction ID: 7583523352254b3a3db267da10484c906c278f1c2c4e7c234bd0c4922336712f
                                                                    • Opcode Fuzzy Hash: 4a3243a4d93ce2c96a08aa7a289b7b360ebed800837ba84b83a7d02ce0007e22
                                                                    • Instruction Fuzzy Hash: 37F03054F0950280FE189B62BCD517523A0DF98BDCF28A031DD0E4A350DF1CF4A2D380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: String$Bytes_Err_FromO_ctrlSize
                                                                    • String ID: Not a memory BIO
                                                                    • API String ID: 2349510700-587638661
                                                                    • Opcode ID: b80bc1f09dad1a10fc3e91e01b334f7c77c8927ed02bd11a8b27f79b65e1ab72
                                                                    • Instruction ID: 2dd5b177db15d982ee39253062234a9e131649fd5d8b6584e70e3eefc1bfc26d
                                                                    • Opcode Fuzzy Hash: b80bc1f09dad1a10fc3e91e01b334f7c77c8927ed02bd11a8b27f79b65e1ab72
                                                                    • Instruction Fuzzy Hash: B0F05E65A2960282EB44DB21FD947B963A0FFC8BC8FA1E031E94E46714DF3CF0088740
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 2718003287-0
                                                                    • Opcode ID: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                    • Instruction ID: a36266ae018545b193c0645ea7325f7f2cfeee6c6f2c5caff0914a8f566873b5
                                                                    • Opcode Fuzzy Hash: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                    • Instruction Fuzzy Hash: A6D1D033B08A4289E711DF65D8402EC7BB1FB44B98B944235CE9E97B99EF79E406C710
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID:
                                                                    • API String ID: 2943138195-0
                                                                    • Opcode ID: 21ceaebb6340b33c2880b1d94455a3a587ac808d2dbe1c8140b81e3c0e4e29dc
                                                                    • Instruction ID: 2a9721895a233d805446c21a5fe16cbbf48c7f5001bcadfb12fb91723a94cf34
                                                                    • Opcode Fuzzy Hash: 21ceaebb6340b33c2880b1d94455a3a587ac808d2dbe1c8140b81e3c0e4e29dc
                                                                    • Instruction Fuzzy Hash: 16917B22E1DE92A9FB108BA4D8463AC37A1BB04788F54403ADE4D777B4DF7CA845E340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight$_isindst
                                                                    • String ID:
                                                                    • API String ID: 4170891091-0
                                                                    • Opcode ID: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                    • Instruction ID: 701f86224d95607f0842eafb85cc2149b5b2270de2f790b29347168336a83601
                                                                    • Opcode Fuzzy Hash: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                    • Instruction Fuzzy Hash: 33510473F042129AEF14FB249C912BCAB65AF1035CF904635DE1E62AE4EBB8E442C710
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID:
                                                                    • API String ID: 2943138195-0
                                                                    • Opcode ID: 0bd3be82ad391ae9cd5c01d857b5e8d25ae8efb4ad2905c542e999dede7c0f10
                                                                    • Instruction ID: 7dd09379d73a476b48b744e5922a259f7824894496ddbf4a34f5c01722c5e225
                                                                    • Opcode Fuzzy Hash: 0bd3be82ad391ae9cd5c01d857b5e8d25ae8efb4ad2905c542e999dede7c0f10
                                                                    • Instruction Fuzzy Hash: 52415772A09B85A9EB01CFA4D8413AC37A0FB48B88F548439DA4D67769DF7C9444D350
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 156a85c2c41d203c25e044bb8e6fd4ddb8601b684bd8898b8acc129a3bd4f3e8
                                                                    • Instruction ID: 1c6b11686565c7812d06af63e23d36da4ade94abdba34c55069c0eb6d5528c55
                                                                    • Opcode Fuzzy Hash: 156a85c2c41d203c25e044bb8e6fd4ddb8601b684bd8898b8acc129a3bd4f3e8
                                                                    • Instruction Fuzzy Hash: 3C21A33671DB4683EB248B24E8843AA62A0FF89B98F64A231DE5D43784DF3CF5518740
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_MemoryX_new
                                                                    • String ID:
                                                                    • API String ID: 1734961617-0
                                                                    • Opcode ID: 757364ee8d4b7c590b20afd03885750955438580def8580dadae8bcfa330c834
                                                                    • Instruction ID: b965fbd9ef759e1c4a0df86215a916a425d4bceb1fdf730af0eab63c32ae1b8e
                                                                    • Opcode Fuzzy Hash: 757364ee8d4b7c590b20afd03885750955438580def8580dadae8bcfa330c834
                                                                    • Instruction Fuzzy Hash: 15017160B1C683A1EB518B62AB441BD62A1EF88BC4F144431DD4EC7B7ADEACF451A640
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Eval_Thread$ErrorFromL_get_errorL_pendingLastLongLong_R_clear_errorR_peek_last_errorRestoreSave_errno
                                                                    • String ID:
                                                                    • API String ID: 1598009871-0
                                                                    • Opcode ID: 18f16c140b86346108f020d3c2b5d4c2f76529f07b7a2319c0a9b0b80ea4c1b7
                                                                    • Instruction ID: c9d1c4616a9eafb7232cb78042b034853d27f3ff99403343a3cee2a801327d1f
                                                                    • Opcode Fuzzy Hash: 18f16c140b86346108f020d3c2b5d4c2f76529f07b7a2319c0a9b0b80ea4c1b7
                                                                    • Instruction Fuzzy Hash: 73015226A08B4587E720DF15F80002EB770FB9ABC4B649135EF8A47B55DF7CE4518780
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 7ff4e97938adc5bb38bfeebc5981b68ed2a321e3e8e63433a9fab580c5a2b058
                                                                    • Instruction ID: 92f1ebff04b52d616ec30b29e49c5524d6ca66407f8e70d918ee85cfacb24469
                                                                    • Opcode Fuzzy Hash: 7ff4e97938adc5bb38bfeebc5981b68ed2a321e3e8e63433a9fab580c5a2b058
                                                                    • Instruction Fuzzy Hash: 19111C22B18B458AEB008F60E9542BD33B4F719798F440A31DE6D877A4DFBCE1588340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 7479dcd5c264b601b34307f5de537c019413c16be64f4954e49dc0133827c83b
                                                                    • Instruction ID: eb8735fadfe3fb25a2cb125cf9a4c8d02ea6da62d84644dd7fe697f6273332b3
                                                                    • Opcode Fuzzy Hash: 7479dcd5c264b601b34307f5de537c019413c16be64f4954e49dc0133827c83b
                                                                    • Instruction Fuzzy Hash: BD111C26B14B058AEB009B60EC543A933B4FB19B9CF441A31EA6D867A4DF78E1558380
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: L_get1_sessionN_freeObject_
                                                                    • String ID:
                                                                    • API String ID: 1166137805-0
                                                                    • Opcode ID: 568d996ee06ca4f798cfc8563d0852cf3025c3f41e83a748ff2d1b4f32d7e0e4
                                                                    • Instruction ID: 72552a15209fa7e24d363ef260b2cc8cb79d9e8e01824465c6bad18a498c3174
                                                                    • Opcode Fuzzy Hash: 568d996ee06ca4f798cfc8563d0852cf3025c3f41e83a748ff2d1b4f32d7e0e4
                                                                    • Instruction Fuzzy Hash: EF01D735A09B4682EA148B56F85413A63A0FB88FC8B64A076DE4E47764DF3DF861C780
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 15bdf73cda2f41086707368dd9349a273cb6e4dedd62d10c03f2e51642f891d7
                                                                    • Instruction ID: aa5e17e66a74c89fb47709fa5f7ee0ecef4b3ff9920507af5ec26569bf53db0f
                                                                    • Opcode Fuzzy Hash: 15bdf73cda2f41086707368dd9349a273cb6e4dedd62d10c03f2e51642f891d7
                                                                    • Instruction Fuzzy Hash: 3411FA26B58F018AEB00CF60E8562B833B4FB59798F441E35DA6E977A4DF7CD1989340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1328197865.00007FF820B41000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF820B40000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820b40000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                    • String ID:
                                                                    • API String ID: 2933794660-0
                                                                    • Opcode ID: 4c843af704d4999d6b1dd3508e9d37868a4ccb8a5710554f336d0007bef571e5
                                                                    • Instruction ID: 7f842d7bfbcfb12f3b2662e1eb00070c2d0c13ea95ab5a22404239237fa6a9e7
                                                                    • Opcode Fuzzy Hash: 4c843af704d4999d6b1dd3508e9d37868a4ccb8a5710554f336d0007bef571e5
                                                                    • Instruction Fuzzy Hash: B8112726B15F018AEF00CF60EC582B933A4FB19798F441E35EA6D86BA8DF7CE5548340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: X_free$Object_X_copyX_new
                                                                    • String ID:
                                                                    • API String ID: 745835719-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: P_get_type$J_nid2snL_get_current_compression
                                                                    • String ID:
                                                                    • API String ID: 142675065-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: DeallocErr_MemoryObject_X_new
                                                                    • String ID:
                                                                    • API String ID: 30467670-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Dealloc$Eval_Thread$FreeMem_O_free_allObject_RestoreSaveTrackX_free
                                                                    • String ID:
                                                                    • API String ID: 3459953665-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: X509_$E_get0_objectsE_lockE_unlockL_sk_deep_copy
                                                                    • String ID:
                                                                    • API String ID: 1564091015-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325370435.00007FF702BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF702BC0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325327350.00007FF702BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325414053.00007FF702BED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C00000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325445583.00007FF702C03000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.1325503267.00007FF702C06000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff702bc0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastWrite
                                                                    • String ID: U
                                                                    • API String ID: 442123175-4171548499
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Name::operator+
                                                                    • String ID: void$void
                                                                    • API String ID: 2943138195-3746155364
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162D9B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162DEB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha384
                                                                    • API String ID: 668498394-111829409
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162E7B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162ECB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha224
                                                                    • API String ID: 668498394-4253541148
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162BDB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162C2B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha1
                                                                    • API String ID: 668498394-858918954
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF8321632DB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF83216332B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: shake_256
                                                                    • API String ID: 668498394-3942869344
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162CBB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162D0B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha512
                                                                    • API String ID: 668498394-981861231
                                                                    • Opcode ID: 12240970c16825ce2c7a339ff5ec5a34a7661f8471c1723579acca0032c6cf49
                                                                    • Instruction ID: bc5a9ccadfcd5ccc4859fe1e432a8b623d2258ddab6818fc7e07c5a93065f99b
                                                                    • Opcode Fuzzy Hash: 12240970c16825ce2c7a339ff5ec5a34a7661f8471c1723579acca0032c6cf49
                                                                    • Instruction Fuzzy Hash: D0218E72B08B4686EE628B12EA446EDA2A5FB48BC4F184130DE4D87764DFBCE540E700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF8321633BB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF83216340B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: shake_128
                                                                    • API String ID: 668498394-1102867705
                                                                    • Opcode ID: ccc8759d11b5c544821ef5f40d9b1deb1a0ff43bccd9965d239d95ffef6846de
                                                                    • Instruction ID: 523a0604ebb39dcf573d597fe5efbab928521b3cdff686b2692b4a843a13101c
                                                                    • Opcode Fuzzy Hash: ccc8759d11b5c544821ef5f40d9b1deb1a0ff43bccd9965d239d95ffef6846de
                                                                    • Instruction Fuzzy Hash: 89218E32A08B9186EA628B12E6546EEA2A4FF98FC4F184130DE4D87764DFBCE5409700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162A1B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162A6B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha256
                                                                    • API String ID: 668498394-1556616439
                                                                    • Opcode ID: 5ee0148e0fec06df706faf83d6b9c37e60e47ebe0efc91c6d27a32b600e5e6c8
                                                                    • Instruction ID: eb58fbf1012c026ad464b709319bef8d3df2ab26afebce667d24fec86afd91d6
                                                                    • Opcode Fuzzy Hash: 5ee0148e0fec06df706faf83d6b9c37e60e47ebe0efc91c6d27a32b600e5e6c8
                                                                    • Instruction Fuzzy Hash: F021B032609B9186FA628B02E6146EDA2A4FB88BC4F184131DE4DC7B65DFFDE540A700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF83216311B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF83216316B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha3_256
                                                                    • API String ID: 668498394-59190292
                                                                    • Opcode ID: 1a380d7d990d390a7d45ee019aee0d9bda28247b657343f03e0a26770255c166
                                                                    • Instruction ID: 426e2b9c47e3c03ed88bd5a68348bbbec3a80f342961be9f8e381e3feba120f1
                                                                    • Opcode Fuzzy Hash: 1a380d7d990d390a7d45ee019aee0d9bda28247b657343f03e0a26770255c166
                                                                    • Instruction Fuzzy Hash: 4121CD72B09B9186EE628B11E6046EEB2A4FB88FC4F184135DE4D83764DFBDF9449700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162AFB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162B4B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: md5
                                                                    • API String ID: 668498394-3899452385
                                                                    • Opcode ID: d0d903901a9306ee33244f1dddf37dc022cb22594c5a86f09ed334459032734a
                                                                    • Instruction ID: e1db4f27141d13ba28f32e6a51433decacbe21121245cc4edc505e0412505481
                                                                    • Opcode Fuzzy Hash: d0d903901a9306ee33244f1dddf37dc022cb22594c5a86f09ed334459032734a
                                                                    • Instruction Fuzzy Hash: 9121B032B08B5286FA628B11E5446EEA2A4FB48BC4F184530DE4D87B64DFFDE540D700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF8321631FB
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF83216324B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha3_224
                                                                    • API String ID: 668498394-2731072511
                                                                    • Opcode ID: ba782d5e86d8d330d266834c63c7825d47883f428fa720d059488f240703f0f7
                                                                    • Instruction ID: 865c6a3b1f683c69677c258c241264746899f44ebc3a32ddf7b22c123db7d79c
                                                                    • Opcode Fuzzy Hash: ba782d5e86d8d330d266834c63c7825d47883f428fa720d059488f240703f0f7
                                                                    • Instruction Fuzzy Hash: 6F21B032A18B9185EA628B11E6446EDA2A4FB58FC4F184135DE4D83B64DFBCF9459700
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF832162F5B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF832162FAB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha3_512
                                                                    • API String ID: 668498394-1707686796
                                                                    • Opcode ID: 95a6821129d1f1d855f72332d02fe5b69e412eb7a1ffa0068156916f5b5ea024
                                                                    • Instruction ID: 7b6900f04a804067b9c33b585f6b29ed74c58f70d83d7ebc19e6e4fdc31e8612
                                                                    • Opcode Fuzzy Hash: 95a6821129d1f1d855f72332d02fe5b69e412eb7a1ffa0068156916f5b5ea024
                                                                    • Instruction Fuzzy Hash: BD21D432B18B5289EE62CB11E6046EEA2A4FB48BC4F584170EE4DC7764DFBCF9419740
                                                                    APIs
                                                                    • PyObject_IsTrue.PYTHON313 ref: 00007FF83216303B
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161E82
                                                                      • Part of subcall function 00007FF832161E20: _Py_hashtable_get.PYTHON313 ref: 00007FF832161E92
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF832161EB8
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF832161EEC
                                                                      • Part of subcall function 00007FF832161E20: PyModule_GetState.PYTHON313 ref: 00007FF832161EFD
                                                                      • Part of subcall function 00007FF832161E20: _PyObject_New.PYTHON313 ref: 00007FF832161F06
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF832161F18
                                                                      • Part of subcall function 00007FF832161E20: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF832161F34
                                                                      • Part of subcall function 00007FF832161E20: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF832161F78
                                                                    • _PyArg_UnpackKeywords.PYTHON313 ref: 00007FF83216308B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335086615.00007FF832161000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF832160000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335057464.00007FF832160000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335131444.00007FF832166000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335166633.00007FF83216B000.00000004.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000003.00000002.1335192093.00007FF83216D000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff832160000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                    • String ID: sha3_384
                                                                    • API String ID: 668498394-1508202818
                                                                    • Opcode ID: dd3d7342a6a24d8bac69b9d9c36a52b4ac99dcbcc769a6f99eed91a8fe696779
                                                                    • Instruction ID: bfc3e3ca257233b26e5bc900008f5941b1bb9da73f0678861463227fc4884f7b
                                                                    • Opcode Fuzzy Hash: dd3d7342a6a24d8bac69b9d9c36a52b4ac99dcbcc769a6f99eed91a8fe696779
                                                                    • Instruction Fuzzy Hash: D921C531A19B5185FE628B11E5006EEB2A4FB48FC4F184130DE4D83764DFBDF9459740
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_FreeMem_Parse
                                                                    • String ID: ascii
                                                                    • API String ID: 1432672584-3510295289
                                                                    • Opcode ID: f5fce9aa37173284cbc8c3b08417a57dddbb6008f9acf7b63938aaea596af2d6
                                                                    • Instruction ID: f9eaae3ef9840961d05e184e6f095c7fbd080d3a4836349dd46232bbf15f2e2a
                                                                    • Opcode Fuzzy Hash: f5fce9aa37173284cbc8c3b08417a57dddbb6008f9acf7b63938aaea596af2d6
                                                                    • Instruction Fuzzy Hash: 94110D36608B4185DB109F56F84056AB7A4FB89FD4F589036EF8C43B24DF38E5558740
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: FileHeader$ExceptionRaise
                                                                    • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                    • API String ID: 3685223789-3176238549
                                                                    • Opcode ID: 31c157b8eb2ec39060d8679ded3c8c7a40717f4d930d4d3a676af0386f3d6913
                                                                    • Instruction ID: 2988bb489e9f3724b5fcde11c2a30e629332f5ed3c437f26b2dac5b668f73431
                                                                    • Opcode Fuzzy Hash: 31c157b8eb2ec39060d8679ded3c8c7a40717f4d930d4d3a676af0386f3d6913
                                                                    • Instruction Fuzzy Hash: DB018FA5A2AE4AA6EE40DB10E4821B86360FFA0BC4F805031E64E576B5EF6CE585D700
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_FreeMem_Parse
                                                                    • String ID: ascii
                                                                    • API String ID: 1432672584-3510295289
                                                                    • Opcode ID: 3c54252019d9cb6a265ea78d2762540a7727ad8b531de43f7d6d0286dee9d38e
                                                                    • Instruction ID: 703128d1f11940518b2fd2c581bdbf0f910bef1972bbb52454dac7c4a5bd45d1
                                                                    • Opcode Fuzzy Hash: 3c54252019d9cb6a265ea78d2762540a7727ad8b531de43f7d6d0286dee9d38e
                                                                    • Instruction Fuzzy Hash: 9C115E32A18B4581EB108B56F844B6AA7A4FB48BD8F649136EE8D07B18DF3CF451C780
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFileHeaderRaise
                                                                    • String ID: csm
                                                                    • API String ID: 2573137834-1018135373
                                                                    • Opcode ID: 24fc685d9c18a97879a9043e169dd32e9d23318a9617333a79ec660fdc06252e
                                                                    • Instruction ID: b45c320ad881d53b15420c36d3ece2043230f8605138177818258d59d7b6fce9
                                                                    • Opcode Fuzzy Hash: 24fc685d9c18a97879a9043e169dd32e9d23318a9617333a79ec660fdc06252e
                                                                    • Instruction Fuzzy Hash: 6F112B3261AF8182EB258B15F440269B7E5FB88B94F584235DECD57B68EF3CD5518B00
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Arg_CheckObject_PositionalTrue
                                                                    • String ID: getpeercert
                                                                    • API String ID: 341638686-200429401
                                                                    • Opcode ID: c18e17b1d58939982dc3e87f4f294c86a832518ae9e246acef8a604b3c3355a4
                                                                    • Instruction ID: 6c4e85f69c80c3afa00c4c9a22e2d22a74f3332998f6475332f979e8f885f632
                                                                    • Opcode Fuzzy Hash: c18e17b1d58939982dc3e87f4f294c86a832518ae9e246acef8a604b3c3355a4
                                                                    • Instruction Fuzzy Hash: DE018F31B18A9186E7509F16BC4056AA7A5FBC8FC8B69A031DE4D87715CE39F842C740
                                                                    APIs
                                                                    Strings
                                                                    • The context's protocol doesn't support modification of highest and lowest version., xrefs: 00007FF82043CAE3
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_$Arg_FormatParseStringWarnX_ctrl
                                                                    • String ID: The context's protocol doesn't support modification of highest and lowest version.
                                                                    • API String ID: 3279334173-1651454126
                                                                    • Opcode ID: e59eaab6640024935a1ede58abc2bb91446422eb90e2050c7fd596c9e80ce0bf
                                                                    • Instruction ID: 3ac2d5c2663686a47dbf6be0dc531230b1c5b5942a56b19b29fc1535fb181229
                                                                    • Opcode Fuzzy Hash: e59eaab6640024935a1ede58abc2bb91446422eb90e2050c7fd596c9e80ce0bf
                                                                    • Instruction Fuzzy Hash: A201DB31B0855281EB10DB59FC40469B361FB847D8B24E132DA5D47B58DF3CF985C780
                                                                    APIs
                                                                    Strings
                                                                    • Cannot set verify_mode to CERT_NONE when check_hostname is enabled., xrefs: 00007FF820439432
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_String$Arg_Parse
                                                                    • String ID: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.
                                                                    • API String ID: 226202181-288992553
                                                                    • Opcode ID: 088063bf2cc826689a680c5927418d976a6d6d60c6251f80823d9311cd2c989a
                                                                    • Instruction ID: 34296c865072e2aff0bcf5b75c215b8629df3423fa689194fca97bd4e32cbc0b
                                                                    • Opcode Fuzzy Hash: 088063bf2cc826689a680c5927418d976a6d6d60c6251f80823d9311cd2c989a
                                                                    • Instruction Fuzzy Hash: E6F01D64E0C60381EF189B16AC4007523A1AFA4BDCB34E136DD2D06794DE3CF8558380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_StringX_set_verify
                                                                    • String ID: invalid value for verify_mode
                                                                    • API String ID: 4223523404-2668209411
                                                                    • Opcode ID: b43ab485895ccd0c0cd6222b11f6e57fda98c4975d8f7472ead4289cbd1493fb
                                                                    • Instruction ID: 239ee027a52a834baac52d856b52431639f31bc699c9c94ac664bb8654014307
                                                                    • Opcode Fuzzy Hash: b43ab485895ccd0c0cd6222b11f6e57fda98c4975d8f7472ead4289cbd1493fb
                                                                    • Instruction Fuzzy Hash: E1F0A024F0850381FB549B29EC6423812A0FF9478CFF0E432D91D86394DD2DF5558380
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Capsule_ImportModule_State
                                                                    • String ID: _socket.CAPI
                                                                    • API String ID: 2652237932-3774308389
                                                                    • Opcode ID: 01308558e83aa2093bdc8233fc923f747cc2914c97e1fe0fac77ec4d42782a7c
                                                                    • Instruction ID: 66743e3b015705add6121c8f98d3d9efa066db3742f7b569194f4d897f2e5fef
                                                                    • Opcode Fuzzy Hash: 01308558e83aa2093bdc8233fc923f747cc2914c97e1fe0fac77ec4d42782a7c
                                                                    • Instruction Fuzzy Hash: 7EE03971E0AA4282FB58AB789C502343290AF48BA8F38A230C91D823D0DE2DF486D740
                                                                    APIs
                                                                      • Part of subcall function 00007FF833ABE720: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF833ABE74B
                                                                      • Part of subcall function 00007FF833AB5508: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF833AB108E), ref: 00007FF833AB5516
                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF833ABE50A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: __except_validate_context_recordabortterminate
                                                                    • String ID: csm$f
                                                                    • API String ID: 339134311-629598281
                                                                    • Opcode ID: 049055b88727f29c58bed955df15e2ffd86eccd5c54e7ffa759ec555c1e45828
                                                                    • Instruction ID: c1ac643ff21a5b46490dc9c31cd42afa64006205d536f196aeac015c93818273
                                                                    • Opcode Fuzzy Hash: 049055b88727f29c58bed955df15e2ffd86eccd5c54e7ffa759ec555c1e45828
                                                                    • Instruction Fuzzy Hash: 39E02B71C09F4291EB646B21B28257C2BA0EF067D0F188130DA4D17676CE3CD4D0A302
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1325842689.00007FF820431000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF820430000, based on PE: true
                                                                    • Associated: 00000003.00000002.1325820407.00007FF820430000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325867612.00007FF82043D000.00000002.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325893898.00007FF820450000.00000004.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325918088.00007FF820451000.00000008.00000001.01000000.0000000A.sdmp
                                                                    • Associated: 00000003.00000002.1325949420.00007FF820459000.00000002.00000001.01000000.0000000A.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff820430000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: Err_Object_StringTrue
                                                                    • String ID: cannot delete attribute
                                                                    • API String ID: 1323943456-1747274469
                                                                    • Opcode ID: 22429c4b634dfe1f2518d4c1d20f1fe22462406bc94d42f99ddfd17505db5988
                                                                    • Instruction ID: ced212dbffa475d3e18fa5ed27ad8222a30e081fbdf27a6915ed0c9c66d7208f
                                                                    • Opcode Fuzzy Hash: 22429c4b634dfe1f2518d4c1d20f1fe22462406bc94d42f99ddfd17505db5988
                                                                    • Instruction Fuzzy Hash: 23E01274E0890681EE589B35AC940346261AF547ECB70F631D92E4A3D0DF2CB5D59780
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,?,00007FF833AB53A9,?,?,?,?,00007FF833ABF63F,?,?,?,?,?), ref: 00007FF833AB5543
                                                                    • SetLastError.KERNEL32(?,?,?,00007FF833AB53A9,?,?,?,?,00007FF833ABF63F,?,?,?,?,?), ref: 00007FF833AB55CC
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.1335428044.00007FF833AB1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF833AB0000, based on PE: true
                                                                    • Associated: 00000003.00000002.1335390029.00007FF833AB0000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335464893.00007FF833AC4000.00000002.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335496265.00007FF833AC9000.00000004.00000001.01000000.00000005.sdmp
                                                                    • Associated: 00000003.00000002.1335524226.00007FF833ACA000.00000002.00000001.01000000.00000005.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff833ab0000_setup.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast
                                                                    • String ID:
                                                                    • API String ID: 1452528299-0
                                                                    • Opcode ID: 550cea5c84bc0485e2971ce80c0edd506865995108a692b5126701225aaf57c4
                                                                    • Instruction ID: b78b210a440568ad2137455cf3f1c2a212c5b2743fc406242d282e64829bffbf
                                                                    • Opcode Fuzzy Hash: 550cea5c84bc0485e2971ce80c0edd506865995108a692b5126701225aaf57c4
                                                                    • Instruction Fuzzy Hash: 3E114F31E0EF4396FA149B61A84613827A2AF48BE1F144734D96EA73F5DE2CF841E600